ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Workspace Local Retrieval

v1.0.0

Build boundary-first local retrieval for OpenClaw with explicit corpora, deny-by-default agent access, separate memory layers, and a validated minimal demo p...

0· 82·0 current·0 all-time
by@ys-c-23
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included artifacts: a CLI wrapper, prereq checker, and bootstrapper that generate sanitized config templates for a local retrieval stack. Required capabilities (Python, Node, SQLite, optional local Ollama) are consistent with a local-first retrieval purpose.
Instruction Scope
SKILL.md and scripts constrain actions to: running prerequisite checks, writing template config files, and recommending next steps. The bootstrapper explicitly avoids network calls and does not index or scan user data. The CLI invokes only the included Python scripts and performs local file writes; no instructions ask the agent to read unrelated secrets or transmit data.
Install Mechanism
There is no registry install spec in the manifest (the skill is instruction/codeshipped), but package.json and bin/ provide an npm-friendly CLI. This is not harmful, but users should note that the npm-install claim in SKILL.md presumes publishing to npm; installing arbitrary packages from unknown registries has typical supply-chain risks.
Credentials
The skill declares no required env vars or credentials. The code respects optional local services (ollama) and uses PYTHON env var as an override for which Python executable to run — reasonable and proportionate for cross-platform scripts. No unrelated credentials are requested or used.
Persistence & Privilege
The skill does not request always:true or elevated platform privileges. It writes only template config files under the user-specified destination (refuses to overwrite without --force) and does not modify other skills or system-wide agent settings. Autonomous invocation is allowed by default (normal) but the skill's runtime behavior is local and conservative.
Assessment
This skill appears coherent and conservative, but review and confirm before running: (1) The bootstrapper will write template JSON files to the destination you provide — do not run with --force unless you want overwrites. (2) The skill does not auto-index or call the network, but the default backend template points to a local Ollama endpoint (127.0.0.1) — verify or change that before enabling embeddings. (3) If you plan to install the CLI via npm, prefer installing from a trusted package source; installing arbitrary global packages carries supply-chain risk. (4) Run the prereq checker first (workspace-local-retrieval check) and inspect generated config files before performing indexing or connecting any embedding backend. (5) If you need greater assurance, ask the publisher for an official release URL or audit the package that would appear on npm before installing.
bin/workspace-local-retrieval.js:49
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

agent-infravk973mv8htndb4hymt373t9f5e183gyf1latestvk974xwkenv3jbjzwsx4veece6h83jjhalocal-ragvk973mv8htndb4hymt373t9f5e183gyf1retrievalvk973mv8htndb4hymt373t9f5e183gyf1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments