Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Preflight
v1.0.5Automatically inject relevant skills and protocols into agent context using local embeddings. Free, no API calls — uses Ollama with nomic-embed-text.
⭐ 0· 81·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, package.json, and dist/index.js all describe and implement the same feature: local scanning of skills/protocols, embedding via nomic-embed-text through an Ollama HTTP API, ranking by cosine similarity, and injecting top matches. There are no unrelated credential or binary requirements.
Instruction Scope
Instructions and implementation explicitly read markdown files from configured workspace directories (skills/, memory/protocols/, tools files, pinned docs) and embed both the incoming prompt and full document text. That behavior is expected for the stated purpose, but it means any secrets or credentials embedded in your docs will be read and (depending on configuration) transmitted for embedding.
Install Mechanism
No external install script or remote downloads are included in the plugin bundle. The only external runtime dependency is Ollama and the local embedding model (which the SKILL.md instructs you to pull). No arbitrary URL downloads or archive extraction are present in the provided files.
Credentials
The plugin declares no required environment variables or credentials and the code doesn't request unrelated secrets. The main configuration risk is the ollamaBaseUrl: if set to a remote host, prompt text and indexed docs (including any secrets in them) will be sent to that host. The code and docs clearly warn about this trust-boundary change.
Persistence & Privilege
The skill is not force-enabled (always: false), doesn't request elevated privileges, and appears to only operate within its own configured scope (workspace doc dirs and its session caches). It does not modify other skills' configurations per the provided files.
Assessment
This plugin is internally consistent and implements what it claims, but review these before enabling: (1) Keep ollamaBaseUrl set to localhost/127.0.0.1/::1 unless you trust the remote host — otherwise your prompts and all indexed docs (including any embedded secrets or API keys in markdown) will be transmitted off-host. (2) Audit your skills/ memory/protocol markdown and remove any secrets or credentials before allowing the plugin to index them, or restrict protocolDirs/skillsDirs to safe paths. (3) Because the repository source is 'unknown' in the metadata provided, review the dist/index.js (full file) yourself or run the plugin in a sandbox to confirm behavior matches expectations. (4) Tune minScore, maxDocLines, and pinnedDocs to reduce accidental injection of large or sensitive docs. (5) If you need higher assurance, run Ollama locally and validate network traffic to ensure embeddings never leave your machine.dist/index.js:23
Dynamic code execution detected.
dist/index.js:138
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk977ez93wkhjs03skdme7h6k0h83nxgm
License
MIT-0
Free to use, modify, and redistribute. No attribution required.