Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Source Library
v2.1.1Searchable knowledge base that captures and cross-references everything users share. Auto-triggers when user shares ANY URL (article, tweet, thread, repo, vi...
⭐ 0· 597·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match what is provided: Node.js scripts that create and manage a local markdown-based knowledge base under life/source. The skill requires no credentials, no external binaries, and the code reads/writes workspace files to implement the described features (save, list, search, connections, queue). There are no environment variables or binaries requested that are unrelated to the purpose.
Instruction Scope
SKILL.md instructs the agent to auto-process any URL shared in chat and to run the included node script commands. The runtime instructions and code operate on workspace files and call node scripts via shell (allowed-tools 'Bash(node:*)'), which is consistent with the described behavior. This auto-triggering can capture links the user didn't intend to persist. The visible code performs filesystem traversal to find a workspace root and reads/writes files under life/source; that is coherent but has privacy implications. The provided files do not show arbitrary network calls, but the SKILL.md implies automatic analysis (agent-level summarization) — review the rest of the code (the truncated portion) to confirm no web fetching or remote endpoints are contacted when auto-processing.
Install Mechanism
No install spec is provided (instruction-only install), so nothing is downloaded or extracted during install. The package includes only local Node.js scripts and a package.json; there are no remote URLs, third-party packages fetched by the skill itself, or installation steps that would pull arbitrary code from the network.
Credentials
The skill requests no secrets or API keys. It optionally respects OPENCLAW_WORKSPACE to locate the workspace root, which is proportionate. There are no credentials or config paths declared that would grant access to unrelated services.
Persistence & Privilege
always:false and disable-model-invocation:false (defaults) — the skill can be invoked autonomously by the agent, and SKILL.md describes automatic triggers on shared URLs. The skill writes persistent markdown files under the user's workspace (life/source). This is expected for a knowledge-base skill, but combined with the auto-capture behavior it increases the risk of unintentionally persisting sensitive URLs or metadata. The skill does not request system-wide privileges or attempt to modify other skills' configs.
Assessment
This skill appears to do what it says: create and manage a local markdown knowledge base. Before installing or enabling auto-triggering, consider the following:
- Privacy: the skill auto-processes and saves any URL shared in chat. If you (or other users) sometimes post private links, one-off auth-bearing URLs, or internal resources, those could be written to disk. Avoid sharing sensitive links while it's enabled or disable the auto-trigger.
- Workspace location: set OPENCLAW_WORKSPACE to a directory you control (or run setup in a sandbox workspace) so saved files go where you expect (life/source/*). Review permissions on that directory.
- Inspect remainder of code: the provided source shows only filesystem operations; however a truncated portion remains. Review the full scripts/source-library.js to confirm there are no network fetches or remote endpoints used when auto-processing.
- Run tests in a sandbox: run scripts/test.js with OPENCLAW_WORKSPACE pointed to a disposable temp directory to see behavior and outputs before using with real data.
- Canonicalization limits: the code strips some tracking params (utm_*, fbclid, gclid, etc.) but will not remove secrets embedded in URL paths or uncommon query param names. Be careful with token-bearing URLs.
- Control auto-processing: if you want the library but not automatic captures, install the skill but do not enable the agent-side auto-trigger, or use the CLI manually to save only links you want persisted.
If you want me to, I can (a) scan the remaining truncated portion of scripts/source-library.js for network activity and hidden behavior, (b) produce a checklist of file-system paths and example commands to sandbox the skill safely, or (c) highlight exact lines to change to disable automatic saving.Like a lobster shell, security has layers — review code before you run it.
latestvk97673vepf4jsqedaa2vs60pvn81j88g
License
MIT-0
Free to use, modify, and redistribute. No attribution required.