ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Knowledge Base Collector

v0.1.3

Collect and organize a personal knowledge base from URLs (web/X/WeChat) and screenshots. Use when the user says they want to save an URL, ingest a link, archive content to KB, tag/classify notes, store screenshots, or search their saved knowledge in Telegram. Supports WeChat via a connected macOS node when cloud fetch is blocked.

1· 949·3 current·3 all-time
byReed@reed1898
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the code: scripts ingest URLs and images, write content.md/meta.json entries, index.jsonl, tag entries, and provide search/weekly digest tools. However SKILL.md claims a higher-success WeChat path that uses a connected macOS node ('nodes.run' / Reed-Mac) to fetch blocked articles; the provided scripts contain no implementation of that node-side relay or any nodes.run call. Also the SKILL.md mentions supporting Telegram Q&A flows, but there is no Telegram integration code — only CLI search output suitable to be called by an external Telegram bridge.
Instruction Scope
Instructions stay focused on ingesting URLs/images and writing to a KB on disk. They instruct network fetches (requests) and using r.jina.ai to extract text; they do not ask the agent to read unrelated system files. Caveat: SKILL.md suggests using a macOS node for blocked WeChat fetches, but the code falls back to creating placeholders; that advertised automatic remote execution is not present in the codebase.
Install Mechanism
No install spec; this is instruction + small Python scripts that run with Python + requests. Nothing is downloaded or written outside the KB folder by the code itself. Low install risk.
!
Credentials
The skill requests no credentials or special env vars. However it makes outbound network requests to third parties: it fetches the target URLs and uses https://r.jina.ai/<URL> as an extraction proxy. That means the target URL (and potentially its content via the proxy) is sent to a third-party service — this is proportional to fetching/extracting content but may leak sensitive URLs or article content (including tokens or screenshots if you later add image-to-LLM OCR). The default KB root (/home/ubuntu/.openclaw/kb) may contain sensitive artifacts; the skill will write files there with no extra access control.
Persistence & Privilege
Skill does not request always:true, does not modify other skills, and only writes files under a single KB tree. It can run autonomously (normal default) but has no elevated platform privileges.
What to consider before installing
This skill appears to implement a simple local knowledge-base writer and searcher and is mostly coherent with its description — but review these points before installing: - Third-party extractor: ingest_url.py uses https://r.jina.ai/<URL> to extract article text. That sends the target URL (and the extractor will fetch its content) to a third-party service; do not ingest URLs or articles that contain secrets or private tokens unless you accept that risk. Consider replacing r.jina.ai with a local extractor if privacy is required. - Claimed macOS node path is not implemented: SKILL.md mentions executing fetches on a connected macOS node (nodes.run) to bypass WeChat cloud blocks. The provided scripts do not implement remote node execution — instead they create placeholder entries for blocked WeChat pages. If you need automatic remote relays, the code does not provide them and the SKILL.md claim is misleading. - Local storage & permissions: by default the skill writes to /home/ubuntu/.openclaw/kb. Ensure that directory has appropriate filesystem permissions and that you don't inadvertently store screenshots or pages containing credentials, one-time codes, or other sensitive info. The code includes a reminder to redact tokens, but redaction is manual. - Network exposure: the scripts issue HTTP GETs to target URLs and to r.jina.ai via the host running the skill. If the agent runs in an environment with access to internal/intranet hosts, feeding internal URLs will cause external network requests (possible data leakage). - Review/validate: because the skill source and homepage are unknown and the package was published by an unfamiliar owner, consider running the scripts in a sandbox, inspecting KB output paths, and optionally forking/modifying the code to use a local extractor or to log fewer details before deploying to production. If these caveats are acceptable (or you modify the extractor behavior and storage path), the skill looks usable for basic KB ingestion. If you need stronger privacy guarantees, treat it as untrusted until you replace the external extractor and confirm the macOS relay behavior you expect.

Like a lobster shell, security has layers — review code before you run it.

bookmarkingvk975975ds5bjnqbpbzknvxz5td813ne3collectorvk975975ds5bjnqbpbzknvxz5td813ne3knowledge-basevk975975ds5bjnqbpbzknvxz5td813ne3latestvk973nhzva5g41ma5zjgrnaafh1813wtenotesvk975975ds5bjnqbpbzknvxz5td813ne3ocrvk975975ds5bjnqbpbzknvxz5td813ne3telegramvk975975ds5bjnqbpbzknvxz5td813ne3wechatvk975975ds5bjnqbpbzknvxz5td813ne3xvk975975ds5bjnqbpbzknvxz5td813ne3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments