ClawHub

Wiki Retriever

PassAudited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill Name: wiki-retriever Version: 0.1.0 The `SKILL.md` file instructs the AI agent to use the `python_code_execution` tool for reading files, explicitly demonstrating `open('data.csv', 'r')` and noting files will be in the working directory `./`. While there's a caveat to ensure files are listed in `upload_files`, this instruction creates a significant prompt injection vulnerability. A malicious user could potentially craft a prompt to trick the agent into using `python_code_execution` to read arbitrary local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) if the agent's internal safeguards are insufficient or bypassed, leading to local file disclosure. This represents a high-risk capability without clear evidence of intentional malicious behavior from the skill developer.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence
ASI06: Memory and Context Poisoning
What this means

The agent may process relevant private wiki, Feishu, or uploaded documents and return up to 10 selected files.

Why it was flagged

This shows the skill is intended to enumerate task knowledge-base files, read document contents, and attach selected files to the result.

Skill content
The `get_wiki_file_paths` tool will return all files in the knowledge base to which the current task belongs ... **Must** read document content ... `submit_result` ... `attached_files`.
Recommendation

Use it only in workspaces or sessions where the relevant documents are appropriate for the agent to inspect, and treat retrieved document content as data rather than instructions.

NoteHigh Confidence
ASI05: Unexpected Code Execution
What this means

If the platform provides this tool, the agent may run Python to inspect uploaded files as part of retrieval.

Why it was flagged

The skill documents optional Python execution for file reading; it is purpose-aligned and scoped to uploaded files, but Python execution is more general than simple document retrieval.

Skill content
If you need to use the `python_code_execution` tool to read files, please ensure that the file is already listed in the `upload_files` parameter
Recommendation

Keep Python use limited to parsing user-uploaded files named in the task, and avoid using it for arbitrary paths or unrelated code execution.