Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
KMind文档转思维导图
v0.1.0将 Markdown 大纲或纯文本转换为 KMind 导图,并导出 SVG 或 PNG 图片。支持主题、布局、连线、深浅色和彩虹分支配置。
⭐ 1· 66·1 current·1 all-time
by@suka233
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the requested binaries and config. Requesting node and access to a browser (browser.enabled) is coherent for a local HTML/headless‑render export tool. Bundling a CLI and render code is expected for an offline renderer.
Instruction Scope
Runtime instructions are narrowly scoped to running the bundled CLI: node scripts/kmind-render.mjs ... and to using a local Chromium/browser for rendering. The SKILL.md explicitly states offline operation and does not declare network endpoints. However, the SKILL.md contains pre-scan prompt‑injection indicators (base64 block and unicode control characters) which could hide or obfuscate instructions — that is a red flag and warrants inspection of the raw SKILL.md for hidden content.
Install Mechanism
No external install/downloads are declared; the skill is instruction+bundled code (no URL downloads). That is lower risk than fetching arbitrary remote binaries. The vendor files are large (several MB) — expected for a bundled renderer UI but they should be audited because the code will run locally.
Credentials
The skill declares no environment variables or credentials. It only needs node and browser access, which match the stated purpose. No unrelated secrets are requested.
Persistence & Privilege
always is false and the skill does not request system‑wide changes. It spawns a local child node process; nothing indicates it will modify other skills or agent config autonomously.
Scan Findings in Context
[base64-block] unexpected: SKILL.md contains a base64 block pattern. Base64 embedded data is uncommon for a simple usage/instruction file and could be used to hide instructions or payloads. This should be inspected and decoded before trusting the skill.
[unicode-control-chars] unexpected: SKILL.md contains unicode control characters. These can be used to obfuscate or alter the visible text (e.g., hiding commands or inserting invisible directives). Review the raw file for hidden characters.
What to consider before installing
What to consider before installing/running: 1) Source is unknown and there is no homepage — prefer packages from known authors. 2) The skill bundles several megabytes of JS and will execute locally; inspect the vendor files (search for network calls, puppeteer/playwright, fetch/https/http, and any hardcoded URLs). 3) The SKILL.md triggered 'base64-block' and 'unicode-control-chars' heuristics — open the SKILL.md in a hex/text viewer and search for hidden or encoded payloads; decode any base64 you find. 4) Run the tool in a sandboxed environment (isolated VM or container) the first time; use --browser manual and avoid automatic browser launches until you confirm behavior. 5) If you need higher assurance, ask the author for source/origin or for a minimal audited build; absence of network requests and a clean SKILL.md would raise confidence. If you want, I can: (a) search the bundled files for network-related strings (http, https, puppeteer, download), (b) extract and display any base64 blocks for inspection, or (c) point out exact files/lines that look suspicious.scripts/kmind-render.mjs:10
Shell command execution detected (child_process).
scripts/vendor/cli.mjs:6005
Shell command execution detected (child_process).
scripts/vendor/render-job-browser.js:96980
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk97ay0rq6csr7f7yer273jbdhs8455f2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis
Binsnode
Configbrowser.enabled