Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
LLM Wiki - Personal Knowledge Base
v1.0.0个人知识库构建系统(基于 Karpathy llm-wiki 方法论)。让 AI 持续构建和维护你的知识库, 支持多种素材源(网页、推特、公众号、小红书、知乎、YouTube、PDF、本地文件), 自动整理为结构化的 wiki。 触发条件:用户明确提到"知识库"、"wiki"、"llm-wiki",或要求对已初始...
⭐ 0· 10·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's code and scripts (multiple url-to-markdown adapters, YouTube transcript extractor, init/ingest scripts) match the stated purpose of building a local wiki from URLs/files. However the registry metadata declares no required binaries or env vars while the SKILL.md and scripts clearly require Chrome (CDP), bun/npm/node, and other runtime tools (and check for 'uv' for some adapters). The omission of these runtime requirements in metadata is an inconsistency the user should be aware of.
Instruction Scope
Runtime instructions read/write files in the user home and chosen wiki directory (e.g., creating ~/.llm-wiki-path, .wiki-schema.md, wiki files), run scripts under scripts/, and will launch or attach to a Chrome debug instance to render pages. The URL->markdown pipeline can optionally download media and will, on local failure, call a remote fallback (https://defuddle.md/<url>) to fetch markdown. These behaviors can expose page contents, including pages that require a logged-in browser session, to local disk and to a remote service — a privacy risk if you ingest sensitive pages.
Install Mechanism
There is no formal install spec in the registry (instruction-only), which reduces supply-chain download risk; the repo includes many scripts bundled inside the skill (install.sh, setup.sh, adapters). No installer downloads code from unknown shorteners or personal IPs in the visible files. Still, the included scripts will invoke system tools (bun/npm, Chrome) and may write new config files in your home when run.
Credentials
The skill does not request explicit credentials in metadata, but it will (if used for some sources) rely on a local Chrome profile and may reuse a running Chrome debug port. That means the skill can render pages with your logged-in sessions (cookies) to capture private content. It also will create config under ~/.baoyu-skills and ~/.llm-wiki-path and may download media to output directories. The number and type of filesystem and browser accesses are proportionate to a web-capture tool, but they carry non-trivial privacy implications that are not surfaced in the registry's declared requirements.
Persistence & Privilege
The skill does not request an 'always' privilege. It will persist state/config locally (writes ~/.llm-wiki-path, EXTEND.md under ~/.baoyu-skills or project dir, and creates the wiki files in the chosen path). This is expected for a local knowledge-base tool, but users should expect persistent files in their home directory and chosen wiki directories.
What to consider before installing
This skill is functionally coherent with a local wiki-builder but has behaviors you should consider before installing:
- Runtime dependencies not declared in the registry: the skill expects Chrome (CDP/debug port), bun or npm/node, and other adapters (e.g., 'uv' for some extractors). Ensure those tools are available and review how the skill will invoke them.
- Filesystem writes: init and ingest flows will create and modify files in the chosen wiki folder and in your home (e.g., ~/.llm-wiki-path, ~/.baoyu-skills/EXTEND.md). If you care about cleanup or provenance, pick an isolated directory or container for the wiki.
- Browser/profile access & privacy: the URL capture adapters will attach to or launch Chrome and may reuse your browser profile to access pages that require login. That means content from sites you’re logged into can be rendered and saved to disk — treat it as potentially sensitive and avoid ingesting private pages unless you trust the environment.
- Remote fallback: when local capture fails the tool calls a third‑party fallback (defuddle.md) to fetch/convert the page. That sends the target URL (and may send content) to an external service; review its privacy implications before using automatic fallback.
- Recommended precautions: read install.sh/setup.sh and scripts (especially adapters and network calls) before running; run the skill in an isolated user account, VM, or container if you will ingest sensitive sources; disable automatic fallback or network access if you need stricter privacy; and review or edit the EXTEND.md prompts when first-run preferences are saved.
If you want, I can: (1) point out the exact lines where the skill launches or attaches to Chrome and where it calls defuddle.md, (2) suggest a minimal safe invocation (e.g., run only on local files, disable network fallbacks), or (3) produce a short checklist to audit/lock down the scripts before running.deps/baoyu-url-to-markdown/scripts/vendor/baoyu-chrome-cdp/src/index.test.ts:89
Shell command execution detected (child_process).
deps/baoyu-url-to-markdown/scripts/vendor/baoyu-chrome-cdp/src/index.ts:220
Shell command execution detected (child_process).
deps/baoyu-url-to-markdown/scripts/vendor/baoyu-chrome-cdp/src/index.ts:97
Environment variable access combined with network send.
deps/baoyu-url-to-markdown/scripts/vendor/baoyu-chrome-cdp/src/index.ts:202
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
knowledge-basevk977xhntksyjvp9qxecj609fwx84d4mqlatestvk977xhntksyjvp9qxecj609fwx84d4mqnote-takingvk977xhntksyjvp9qxecj609fwx84d4mqobsidianvk977xhntksyjvp9qxecj609fwx84d4mqproductivityvk977xhntksyjvp9qxecj609fwx84d4mqwikivk977xhntksyjvp9qxecj609fwx84d4mq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.