LLM Wiki - Personal Knowledge Base
Security checks across malware telemetry and agentic risk
Overview
This looks like a real personal knowledge-base skill, but it asks for broad local-file ingestion and logged-in browser access that users should review carefully before installing.
Treat this as a Review item rather than outright malware: it appears purpose-aligned, but install it only if you are comfortable with a persistent local wiki, broad folder ingestion, shell/browser automation, and possible logged-in browser use. Use a dedicated wiki folder and an isolated Chrome profile, and avoid sensitive URLs or folders unless you intentionally want them indexed.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at a broad or sensitive folder, private files could be summarized, copied, or linked into a long-lived wiki and reused in later tasks.
The skill can process an entire user-provided folder into a persistent knowledge base, but the shown instructions do not clearly bound file types, exclusions, review steps, or retention controls.
"batch digest", "organize all of these" / a folder path was given | → **batch-ingest**
Only use it on a dedicated folder of material you intend to index; add explicit exclusions for secrets, credentials, private exports, and unrelated documents.
The skill may be able to load and capture pages accessible through your browser login, not just public web pages.
The skill expects Chrome debugging and may use a logged-in browser session for extraction, but the registry declares no primary credential or required credential boundary.
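If you want to automatically extract web pages or WeChat official accounts, Chrome needs to be started in debugging mode ... the current Chrome session is not logged in to X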
Use a separate Chrome profile with only the accounts needed for this task, and avoid giving it access to your normal daily browsing session.
Private, internal, or token-bearing URLs could be disclosed to an external service if used with this fallback.
If local browser capture fails, the dependency can send the target URL to the hosted defuddle.md service as a fallback.
return `https://defuddle.md/${encodeURIComponent(targetUrl)}`;
Avoid using sensitive or access-token URLs, or require confirmation before any hosted fallback is used.
The skill can run local helper commands as part of web extraction.
A bundled helper runs a local process-listing command to discover Chrome/CDP state. This is consistent with the browser-capture feature, but it is local command execution.
const result = spawnSync("ps", ["aux"], { encoding: "utf-8", timeout: 5_000 });
Review the bundled scripts before running them and install only if you are comfortable with local command execution for browser capture.
Installation behavior may be broader than the registry metadata suggests.
The registry says there is no install spec and no required binaries, but the documentation describes shell-based installation and optional package-manager/runtime dependencies.
bash install.sh --platform openclaw ... either bun or npm is enough ... the machine needs to have `uv`
Inspect `install.sh`/`setup.sh` and install dependencies manually or in a sandbox if possible.
