Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Note Linking
v1.0.0
Automatically discovers and suggests bidirectional semantic links between your notes, builds a knowledge graph, and enables queries without external APIs or...
by @sky-lv
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code and instructions: all files and SKILL.md implement local note discovery, TF‑IDF/Jaccard scoring, graph construction, queries and exports. No unrelated credentials, binaries, or network calls are requested.
Instruction Scope
The runtime instructions and code legitimately read an entire notes directory recursively and produce link suggestions. However, export.js will automatically append `[[wikilink]]` entries to source files for edges classified as 'auto' (score ≥ 0.85) without performing backups or prompting the user. The skill therefore performs destructive writes to user content as part of normal operation, which is a scope/safety concern even if consistent with the stated goal.
Install Mechanism
No install spec; this is instruction+pure-Node.js code that runs locally. This minimizes supply-chain risk — no external downloads or registries are used.
Credentials
The skill requests no environment variables, credentials, or external endpoints. It only accesses filesystem paths (notes directory, temp cache). That scope is proportionate to its function — but be cautious about which directory you point it at (e.g., don't point it to your whole home directory).
Persistence & Privilege
The skill is not 'always: true'. It can be invoked autonomously (default platform behavior), which combined with its file-modifying behavior increases risk if you allow automatic agent actions. It writes a cache file (TEMP) and may edit notes in-place; there is no built-in backup or preview/dry-run mode in the provided code.
Scan Findings in Context
[pre-scan-none-detected] expected: The static regex scanner reported no findings. That fits the code: it is pure local JS with no network calls or obfuscation. Absence of findings does not reduce the concern about file modifications.
What to consider before installing
This skill is coherent with its description and runs entirely locally (no network), but it will edit your notes: export.js appends `[[wikilink]]` entries for high-confidence matches without prompting or backup. Before installing/using: (1) Review the code yourself or in a safe environment; (2) Run it against a copy/test folder (do not point it at your live ~/ or entire home directory); (3) Prefer query/export operations (json/mermaid) to inspect suggested links before enabling 'auto' writes; (4) If you need safety, add a manual/preview mode or modify export.js to create backups (e.g., copy files to a timestamped folder) or to require user confirmation before rewriting files; (5) Consider disabling autonomous skill invocation in the agent (if the platform allows) so it can't write files without explicit user action. If you want, I can point out the exact lines where files are modified and suggest minimal code changes to implement a dry-run and backups.
Like a lobster shell, security has layers — review code before you run it.
