Local Knowledge Base

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: knowledge-spider
Version: 2.0.0

The 'knowledge-spider' skill is a legitimate local knowledge base implementation for OpenClaw. It uses SQLite to store and manage user-provided information such as preferences and facts, with all data operations restricted to a local directory (~/.openclaw/workspace/skills/knowledge-spider/data). The code in src/index.py uses parameterized queries to prevent SQL injection and contains no network calls, obfuscation, or evidence of data exfiltration.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Information saved in the knowledge base may shape future answers even after the original conversation is over.

Why it was flagged

The skill instructs the agent to prioritize stored knowledge-base content in future answers. That is purpose-aligned for a memory skill, but persistent stored content can be stale, wrong, or instruction-like and may influence later responses.

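Skill content

When answering user questions, if the knowledge base already contains relevant information (such as user preferences or historical facts), the knowledge-base content should be used preferentially.

Recommendation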

Review and delete outdated or incorrect entries, and treat stored knowledge as user data rather than as higher-priority instructions.

What this means

If you save passwords, API keys, or similar secrets, they may remain in the local database and could be returned in later knowledge-base queries.

Why it was flagged

The skill's own category table says password/key-like content may be classified as important knowledge. This is local and user-directed, but it means sensitive secrets could become persistent agent memory.

Skill content

| important | 重要、关键、密码、密钥 | Key information |

Recommendation

Do not store credentials or recovery secrets in this skill; use a dedicated password manager or secret store instead.

What this means

A vague delete request could remove multiple saved memories from the local knowledge base.

Why it was flagged

The delete operation can remove records by exact ID or by fuzzy content match. This is aligned with the delete feature, but broad or ambiguous targets could delete more local records than intended.

Skill content

DELETE FROM memories WHERE id = ? OR content LIKE ?

Recommendation

Confirm deletion requests carefully, prefer deleting by exact record ID, and consider adding a preview or soft-delete step.