Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Huo15 Openclaw Openai Knowledge Base
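v2.2.1
Huo15 knowledge base skill - based on Andrej Karpathy's LLM Knowledge Bases approach. Each WeCom agent is independently isolated, and a dedicated knowledge base is created automatically under the agent's working directory. Trigger words: 知识库 (knowledge base), 入库知识库 (ingest into knowledge base), 查询知识库 (query knowledge base), 编译知识库 (compile knowledge base), 体检知识库 (health-check knowledge base), 同步知识库 (sync knowledge base), 激活知识库 (activate knowledge base).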
by Job Zhao @zhaobod1
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and instructions line up with the stated purpose (ingest → compile → wiki → optional Obsidian sync). Declaring obsidian-cli as a required binary is reasonable for Obsidian integration. However, the scripts rely on other runtime tools (python3 and node are used in multiple scripts, plus common POSIX utilities) which are not listed in the skill's declared requirements — a peripheral inconsistency but not necessarily malicious.
Instruction Scope
Runtime instructions and scripts build prompt files containing the full text of ingested raw documents (cache/compile_prompt.md, cache/lint_prompt.md) and instruct the agent to run OpenClaw commands that send those prompts to the configured LLM provider. The scripts also read local OpenClaw model configuration (~/.openclaw/agents/.../models.json) to obtain API keys and attempt to discover and read Obsidian configuration (~/Library/Application Support/obsidian/obsidian.json) to locate vaults. obsidian-sync.sh will copy wiki files into the resolved vault path (which may be local, iCloud/Dropbox-backed, or otherwise synced). These behaviors are coherent with the skill's purpose but introduce privacy and exfiltration risk because user data and raw documents are transmitted to external LLM endpoints and may be written into synced cloud folders.
Install Mechanism
There is no automated install spec (instruction-only installs are lowest-risk). The package includes scripts that are meant to be run by the user. No remote downloads or archive extraction are present in the manifest. That said, some scripts reference brew installs (obsidian-cli) in dependencies, but installation steps are not automated by the skill itself.
Credentials
The skill does not declare required environment variables but reads AGENT_DIR (or infers it) and local OpenClaw models.json to obtain provider baseUrl and API keys. Accessing models.json is necessary for making LLM calls, so credential access is proportionate — however, this is sensitive: the skill will use any API key found in those files to authenticate outbound requests. The skill also reads system paths (Obsidian config under Application Support) to locate vaults; reading those files is not justified in the metadata and may expose information about other installed apps or locations.
Persistence & Privilege
always:false and user-invocable:true (default) — no forced persistent presence. There is a script (install-all-agents.sh) that, if run, will create KB directories for all agents under ~/.openclaw/agents — a powerful administrative operation, but it must be executed by the user. The skill does not appear to modify other skills' configs automatically.
What to consider before installing
What to check before installing or running this skill:
- Understand data flow: compile and lint generate prompt files containing full document text (cache/*.md) and then call whatever LLM provider is configured in your OpenClaw models.json. That means raw documents and potentially sensitive content will be sent to the remote model endpoint. If you use a cloud-hosted LLM, review and accept that exposure.
- Review models.json: the skill reads your OpenClaw provider config (~/.openclaw/agents/.../models.json) and will use API keys found there. Ensure only trusted providers/keys are present.
- Obsidian sync: obsidian-sync.sh can copy files into your Obsidian vault path (which may be cloud‑synced). If you do not want knowledge-base files written to an externally synced vault, keep obsidian.enabled=false or set vault_path to a local-only folder.
- Runtime dependencies: scripts call python3 and node (and use macOS-specific sed -i '' constructs and paths under ~/Library/...). Those tools are not declared in the skill metadata. Ensure you have the expected runtime environment (or inspect and adapt scripts) before running.
- Least privilege and testing: run the skill in a sandboxed user account or test environment first. Inspect the scripts (kb-llm.py, obsidian-sync.sh, ingest/compile/lint) to confirm they do what you expect. Back up any Obsidian vault you plan to sync to.
- If you want extra safety: disable automatic sync, avoid running install-all-agents.sh, and manually run individual scripts after code review. If unsure, treat the skill as potentially exfiltrating local content to configured LLM endpoints and proceed accordingly.

Like a lobster shell, security has layers — review code before you run it.
latest vk97aj5k9p8c9qjr8jn58vqnsbx84phf1
Runtime requirements
📚 Clawdis
Bins: obsidian-cli
