karpathy-wiki
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: karpathy-wiki-improve Version: 1.1.1 The skill implements a structured knowledge wiki based on the Karpathy LLM Wiki pattern but contains shell injection vulnerabilities within the SKILL.md instructions. Specifically, the 'Relink' and 'Lint' operations provide bash scripts that use subshells (e.g., `$(basename $f .md)`) to process files in the wiki directory. Since the agent is designed to ingest content from external URLs and bookmarks, an attacker could potentially trigger remote code execution (RCE) by influencing filenames or content that the agent then processes using these unvalidated shell commands. While the intent appears aligned with the stated purpose, the implementation of core logic via risky shell execution is a significant security flaw.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may create or update local wiki pages, links, and metadata as part of the requested workflow.
The skill authorizes file mutation in the wiki directory. This is expected for a markdown wiki skill and is explicitly scoped away from raw sources.
sources/ is read-only — LLM only writes wiki/, never modifies raw sources
Use a dedicated wiki folder, keep backups, and review generated changes before relying on them.
Private or inaccurate documents added to the wiki may be retained and reused in future research or answers.
The skill stores and reuses a persistent local knowledge base, so source material and generated summaries can influence later answers.
a persistent markdown knowledge wiki with full ingest/query/relink/lint/DeepResearch pipeline
Avoid ingesting sensitive material unless you want it persisted, and periodically review wiki pages for inaccurate or untrusted content.
A bad source interpretation or mistaken link could spread through the local wiki graph.
The relinking design can propagate a mistaken relationship across multiple wiki pages, although this is purpose-aligned knowledge-graph maintenance.
Bidirectional links enforced — every write to related must sync back-link
Run lint/review after larger ingest or relink operations and correct mistaken relationships promptly.