ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Audit

v1.4.1

Health check knowledge base for broken links, missing frontmatter, tag inconsistencies, and coverage gaps. Use when user says "audit KB", "check frontmatter"...

0· 635·0 current·0 all-time
byRust@fortunto2
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md describes finding .md files, checking frontmatter, tags, links, orphans, and coverage—all appropriate for a knowledge-base audit. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are focused on KB content and use Read, Grep, Glob, Bash and an internal search tool to analyze markdown files. The SKILL.md also says 'if a link-checking script exists in the project, run it' — this will execute project-supplied scripts if present, which is within audit scope but means the agent can run arbitrary code from the repository. Users should be aware of that execution risk.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill requires no environment variables, credentials, or config paths. Requested access is limited to repository files and optional local scripts, which is proportional to an audit task.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges. It can be invoked autonomously (default), which is normal; there's no evidence of modifications to other skills or global agent settings.
Assessment
This skill appears to do what it says: scan markdown files for frontmatter, links, tags, orphans, and coverage gaps. Before installing/using it, note two practical cautions: (1) it may execute any link-checker scripts found in your repo (it runs Bash and project scripts if present) — only run it against repositories you trust or run it inside a sandbox/container; (2) confirm what the listed tool mcp__solograph__kb_search is in your environment (it may call an internal search helper). No credentials or external downloads are requested. If you want extra safety, run the audit manually or review the audit output before applying any automated fixes.

Like a lobster shell, security has layers — review code before you run it.

latestvk978f95tbwbevk0jcy2qbb014d81k9zs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🩺 Clawdis

Comments