Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Linkmind
v1.0.0LinkMind 知识连接引擎 Phase 2 - 本地化知识中枢 CLI 工具,支持 storage adapter 抽象层和 OpenAI-compatible embedding provider。
⭐ 0· 12·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the included code: the package implements a local CLI for ingest/query with JSON/SQLite storage and mock/OpenAI-compatible embedding providers. However there are small mismatches: the README and code mention better-sqlite3 as the SQLite dependency while package.json lists optionalDependency "sqlite3" (different package); the CLI help and some code reference a 'keyword' embedding mode/default but the embedding factory only supports 'mock' and 'openai'. These inconsistencies look like sloppy packaging rather than malicious intent, but they are unexplained.
Instruction Scope
SKILL.md instructs building (npm run build) and running the bundled CLI (node dist/index.js) and shows example CLI commands (ingest, query, status, reset). The runtime instructions operate on files within the skill (data/workspace.json, examples/) and on user-supplied files for ingest. The code does not instruct reading unrelated system config or exfiltrating data. The included smoke-test runs the CLI via execSync (shell) which will modify files under the skill's data directory when executed; that's expected for tests but users should be aware it performs filesystem operations.
Install Mechanism
There is no external install script; this is an instruction- and code-bundle (no downloads). All code is included in the skill archive; nothing is fetched from arbitrary URLs at install time. No extract-from-URL or remote installer is present.
Credentials
The skill declares no required environment variables or primary credentials. The OpenAICompatibleProvider accepts an apiKey/baseURL model in its constructor and will call the configured baseURL (e.g., api.openai.com or a self-hosted vLLM/Ollama endpoint) via fetch; the skill itself does not request an API key via env, nor declare one in metadata. This is acceptable but means the user must supply keys at runtime. Also, package.json optionalDependencies mismatch (sqlite3 vs better-sqlite3) may lead to unexpected install-time behavior if the user attempts to enable SQLite.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It stores workspace data under the skill's data/ directory (data/workspace.json and optional data/db.sqlite) and does not attempt to modify other skills or system-wide config. The smoke-test and CLI will write/read those local files.
What to consider before installing
Summary of important points and what to check before installing/running:
- Purpose-match: The code implements a local CLI knowledge engine (ingest, query, JSON/SQLite storage, mock/OpenAI-compatible embedding). That matches the SKILL.md description.
- Network access: If you enable the OpenAICompatibleProvider (type 'openai'), the skill will make outbound HTTP POSTs to the configured baseURL and will include the supplied API key (Authorization: Bearer ...) if provided. Only enable that when you trust the baseURL and provide a key you control.
- Dependency mismatch: The SQLite adapter's code requires better-sqlite3, but package.json lists optionalDependency "sqlite3". If you plan to use SQLite, ensure better-sqlite3 is installed (or adjust the code/package) — otherwise the adapter will throw on init. This is likely a packaging bug, not necessarily malicious, but it can cause runtime surprises.
- CLI/provider mismatch: The CLI/help refers to a 'keyword' embedding mode/default while the embedding factory supports 'mock' and 'openai'. Expect to supply 'mock' or 'openai' explicitly when invoking the CLI or using the API; otherwise embedding-based reranking may not behave as documented.
- Filesystem effects: The tool reads user-specified files for ingestion and writes the workspace to data/workspace.json (and data/db.sqlite if using SQLite). The included smoke-test runs CLI commands (via child_process.execSync) and will modify the skill's data directory. Back up any important files before running tests or reset commands.
- Provenance: The skill metadata shows a repository URL in skill.json, but the top-level metadata lists Source: unknown and Homepage: none. If provenance matters to you, inspect the repo (https://github.com/harrylabsj/linkmind) and verify the publisher before trusting the package.
- Recommended actions:
- Review the OpenAICompatibleProvider usage and confirm the baseURL you will point it at, and avoid supplying production secrets to unknown endpoints.
- If you plan to enable SQLite storage, install better-sqlite3 (or fix package.json) and test in a sandbox.
- Run the CLI and smoke-test in an isolated environment (e.g., a disposable project directory) so you can inspect created data/workspace.json.
- If you are not comfortable with the dependency/packaging inconsistencies or unknown provenance, treat this as untrusted code and do not provide sensitive API keys or run it on production data.
Confidence: medium — the code and docs are largely coherent but packaging/CLI mismatches and the unknown source require caution.tests/smoke-test.js:18
Shell command execution detected (child_process).
src/providers/openai.js:63
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk971n1f522wezmzhavend9w0rh849vwh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.