v1.0.0

contextloader

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:11 AM.

Analysis

This is a coherent instruction-only connector for a configured Context Loader API, with clear but sensitive account-scoped knowledge access and a user-directed rebuild action to notice.

GuidanceInstall this only if you intend the agent to query your Context Loader service using the configured APP_USER_ID. Verify the service URL and SOUL.md knowledge-network entries, and treat rebuild requests as operational changes that should be made deliberately.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusNote

references/api-calling.md

### 创建构建任务

- 方法：`POST`
- 路径：`/api/agent-retrieval/in/v1/kn/full_build_ontology`

The documented API surface includes creating a full knowledge-network build job. The examples frame this as user-requested, so it is purpose-aligned, but it is a state-changing/operational action rather than a read-only query.

User impactA user-directed rebuild request could start a server-side job that changes or refreshes knowledge-network indexes and consumes backend resources.

RecommendationBefore asking the agent to rebuild a knowledge network, confirm the intended kn_id and ensure the backend environment is safe for that operation.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

SKILL.md

从环境变量 `APP_USER_ID` 读取 `x-account-id` ... 调用时固定使用 `x-account-type: app` ... 不传递 `Authorization` 请求头

The skill uses a configured account identifier as an app-scoped request header for the Context Loader service. This is disclosed and purpose-aligned, but it means the skill can access knowledge-network data available to that configured account/service context.

User impactIf installed with a real account ID and service URL, the agent may retrieve business knowledge-network data under that account context.

RecommendationOnly configure APP_USER_ID and CONTEXT_LOADER_BASE_URL for a trusted Context Loader deployment and an account scope appropriate for the data the agent should access.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

如果用户没有明确给出 `kn_id`，先读取当前 agent 工作区中的 `SOUL.md` ... 从 `SOUL.md` 的 `## 业务知识网络` 表格中识别候选 BKN 地址，并尝试提取 `kn_id`

The skill intentionally relies on workspace configuration context to select a knowledge network. It includes safeguards against guessing, but stale or incorrect SOUL.md content could still cause the agent to query the wrong knowledge network.

User impactIncorrect workspace configuration could lead the agent to load context from an unintended business knowledge network.

RecommendationKeep SOUL.md accurate and review the candidate knowledge network when the agent reports multiple or ambiguous kn_id choices.