Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Knowledge Graph
v1.1.1Embedded knowledge graph for persistent structured knowledge. ALWAYS use proactively — do NOT wait for user to ask. Auto-triggers on: (1) any mention of peop...
⭐ 2· 748·7 current·7 all-time
byHong Phuc Nguyen@xnohat
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the included code (graph CRUD, search, KGML summary, visualization, a vault). One minor mismatch: the human-readable description demands the KG be used “ALWAYS” and to auto-trigger proactively, but registry flags show always:false (the skill expects to patch agent instruction files at install time to cause proactive use rather than being force-included by the platform).
Instruction Scope
Runtime instructions and scripts instruct the agent to proactively add many types of personal data (people, locations, routines, credentials) and to run the install script which patches agent instruction files. The skill also instructs storing credentials in an encrypted vault and the serializer will include vault key NAMES in the KGML summary (not values). The combination of proactive capture of sensitive categories and auto-injection into agent prompts increases risk of unintended collection/exposure.
Install Mechanism
No external install downloads; code is local JS (node scripts). That reduces supply-chain risk. However install.mjs will modify workspace agent instruction files (AGENTS.md/CLAUDE.md/GEMINI.md) and create data/ files under the skill — this is intrusive but described in the docs. Review the install script before running.
Credentials
The skill requests no environment variables (good), but it stores an encrypted vault and places the vault key file inside the skill folder for portability. The design intentionally keeps vault keys next to the skill (documented trade-off). The serializer exposes vault key NAMES in the KG summary — while values are encrypted, key names may leak sensitive metadata when the KG summary is loaded into an LLM context or shared.
Persistence & Privilege
The skill is not set always:true, but the installer patches the agent's instruction file so the agent will be instructed to consult/add the KG proactively. That gives the skill persistent influence over agent behavior (via modified instructions) even without platform-level always:true; this is explained in docs but is a material privilege and should be reviewed.
What to consider before installing
This skill appears to implement the advertised local knowledge graph and secret vault, but it also (1) patches your agent instruction file at install time to cause proactive use, (2) encourages saving many sensitive data types (people, locations, routines, credentials), and (3) stores the vault key and an encrypted vault inside the skill folder for portability. Before installing: review scripts/install.mjs to see exactly what files it will modify; back up your AGENTS.md/CLAUDE.md/GEMINI.md; inspect scripts/serialize.mjs and vault.mjs to confirm vault behavior (what metadata is emitted into kg-summary.md); ensure data/ is in .gitignore and that .vault-key and vault.enc.json are created with strict permissions; consider keeping high-risk secrets in a separate, audited vault (not the skill folder); and consider disabling the proactive injection behavior or limiting the auto-trigger rules so the skill doesn't automatically capture broad personal data. If you want additional assurance, provide the install.mjs and serialize.mjs contents and I can highlight the exact lines that modify agent files or emit vault key names.Like a lobster shell, security has layers — review code before you run it.
latestvk97dnw2btvdjesg4qjj3ksbkv1824yqw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.