Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Link Library
v1.0.0
Personal knowledge base that captures web content (articles, tweets/threads, videos, podcasts, images, PDFs) and makes it retrievable for future conversation...
⭐ 0 · 139 · 0 current · 0 all-time
by 不白 (@nowhitestar)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw · Verdict: Suspicious (high confidence)

Purpose & Capability
The skill claims to capture web content and make it retrievable, which matches the instructions. However the registry metadata declares no required binaries or credentials, while the SKILL.md explicitly invokes many external tools (curl/r.jina.ai, yt-dlp, xreach, a local python wechat script, etc.). Those tools are necessary for the described capabilities but are not declared — an incoherence that should be resolved before trust.
Instruction Scope
The instructions direct the agent to fetch remote content and to always save the "full original text" into a local library directory (~/.openclaw/workspace-main/library/). They also direct it to call third-party fetch endpoints (e.g., https://r.jina.ai/URL), run yt-dlp to download subtitles/media, and run a local script at ~/.agent-reach/tools/wechat-article-for-ai. The SKILL.md also defines an auto-save policy (in some cases saving without confirmation). These behaviors expand the skill's scope into network I/O, file writes, and potential disclosure of URLs and page content to external services.
Install Mechanism
This is an instruction-only skill (no install spec), which carries low install risk on its own. However, the skill expects many third-party command-line tools and a local script, and gives no guidance on installing them. The lack of a declared install mechanism or dependency list is an operational and security gap: an operator may unknowingly run commands that fail, or run unreviewed CLIs.
Credentials
The skill declares no required environment variables or credentials, yet the fetch methods (xreach for Twitter/X, a WeChat python script, yt-dlp for some sites) commonly require API tokens, cookies, or authenticated access. Using remote services such as r.jina.ai to fetch page text also transmits user-shared URLs (and potentially page content) to a third party. The absence of any declared credentials, or of any statement of where sensitive tokens are stored, is out of proportion to the access these methods need and leaves the requirement ambiguous.
Persistence & Privilege
The skill writes content persistently to a specific path under the user's home directory and mandates saving full original text (potentially storing sensitive or copyrighted material). Although the skill is configured with always:false, it allows autonomous invocation and includes auto-save rules that can save without explicit confirmation in some cases; combined with network fetches to third parties, this increases the privacy and exfiltration risk.
What to consider before installing
Before installing or enabling this skill:
(1) Treat it as capable of writing persistent files under ~/.openclaw/workspace-main/library/ and of sending URLs/content to third parties (e.g., r.jina.ai); do not use it with sensitive or corporate links until you trust those endpoints.
(2) Confirm which binaries and local scripts it requires (yt-dlp, xreach, curl, python3, the local wechat script) and inspect/install them from trusted sources; the skill currently declares none.
(3) Consider disabling or changing the auto-save policy so that explicit user confirmation is required before saving full original text.
(4) If you need to use it, run it in a sandboxed account or VM and audit the files it writes and the network calls it makes.
(5) What would increase confidence: an explicit dependency/install section, a clear list of required credentials and how they're used/stored, and removal of (or opt-in control over) third-party fetch endpoints, or an option to fetch content locally rather than via r.jina.ai.
