Skillv1.0.0

ClawScan security

WikiLocal Personal Knowledge Wiki · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 12, 2026, 3:30 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and resource use are consistent with a local personal wiki: it reads/writes files under a wiki directory and does not request credentials, external network access, or unusual installs.
Guidance: This skill appears to do what it says: it stores and indexes wiki articles in local files and does not contact external services or request credentials. Before installing, consider: 1) Where files will be stored — by default ./wiki/articles and ./wiki/index.json — and whether that location is acceptable; change wikiDir/indexFile if you want a different path. 2) Back up any important data before using the skill (it writes files and updates the index). 3) Review the embedded code if you want to confirm behavior (it uses synchronous fs operations and will create stub files for related articles). 4) Run the skill in a restricted/sandboxed environment if you want additional containment. Finally, note that the agent can modify local files when invoked — if you need stricter control, disable autonomous invocation or monitor agent actions.

Purpose & Capability: okName/description describe a local personal wiki. The included src/wiki-local.js implements a file-backed wiki (./wiki/articles, ./wiki/index.json) with add/search/backlinks/stats features that match the description — no unrelated credentials or binaries are requested.
Instruction Scope: okSKILL.md instructs conversational use and local storage only. The runtime code performs local filesystem operations only (read/write index and markdown files, create stubs) and does not reference external endpoints, unrelated system paths, or environment variables.
Install Mechanism: okThere is no install spec; the skill is instruction/code-only and relies only on Node builtins (fs, path). Nothing is downloaded or executed from external URLs and no third-party packages are pulled in.
Credentials: okThe skill declares no environment variables, credentials, or special config paths. The code uses default local paths and does not access secrets or external services.
Persistence & Privilege: noteThe skill writes persistent files to the local filesystem (by default ./wiki/articles and ./wiki/index.json), which is expected for a wiki. 'always' is false and model invocation is allowed (default). This is normal but means the agent can create/modify local files when invoked.