Trusted — Risk Score 0/100
Last scan: 2 days ago
llm-knowledge-bases
Inspired by a public workflow shared by Andrej Karpathy (@karpathy). From raw research to a living Markdown knowledge base that compounds with every question.
LLM Knowledge Bases is a lightweight, documentation-only skill that defines workflows and rules; all actual Vault I/O is delegated to a separate plugin, with no declared or inferred sensitive capabilities beyond documentation metadata.
Skill Name: llm-knowledge-bases
Duration: 29.2s
Engine: pi
Safe to install
Approve for use. No security concerns identified.
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | NONE | | SKILL.md explicitly forbids direct file writes; all Vault I/O is mediated by plu…
Network | NONE | NONE | | No network calls; only references https://x.com/karpathy in attribution text (RE…
Shell | NONE | NONE | | Shell scripts only scaffold directories (mkdir/printf) and invoke clawhub CLI wi…
Environment | NONE | NONE | | No environment variable access in any script or implementation
Skill Invoke | NONE | NONE | | Skill defines workflows but does not invoke other skills
Clipboard | NONE | NONE | | No clipboard access found
Browser | NONE | NONE | | No browser access found
Database | NONE | NONE | | No database access found
1 finding
Medium: External URL
https://x.com/karpathy
README.md:8

File Tree

10 files · 22.5 KB · 773 lines
Markdown 6f · 690L Shell 2f · 62L JSON 1f · 17L YAML 1f · 4L
├─ 📝 CHANGELOG.md Markdown 47L · 2.3 KB
├─ 📋 clawhub.json JSON 17L · 439 B
├─ 🔧 init_llm_kb_repo.sh Shell 51L · 1.2 KB
├─ 📝 maintenance-playbook.md Markdown 91L · 2.6 KB
├─ 📋 openai.yaml YAML 4L · 272 B
├─ 🔧 publish.sh Shell 11L · 465 B
├─ 📝 README.md Markdown 158L · 4.7 KB
├─ 📝 RELEASE.md Markdown 74L · 2.7 KB
├─ 📝 repo-layout.md Markdown 110L · 2.5 KB
└─ 📝 SKILL.md Markdown 210L · 5.4 KB

Security Positives

✓ All capabilities are explicitly NONE; skill is a documentation-only specification
✓ SKILL.md clearly states: do not use generic file tools for Vault operations — only plugin tools
✓ Shell scripts use only safe primitives (mkdir, printf) with hardcoded paths and no pipe from user input
✓ No external dependencies (no requirements.txt, package.json, Cargo.toml, or Pipfile)
✓ Safety boundaries are well-defined: never modify raw/, never write wiki/ directly, never fabricate IDs
✓ Failure handling is explicit and prevents bypass: do not work around the error by writing directly to the Vault
✓ No base64, no eval, no curl|bash, no environment iteration, no credential access
✓ No hidden HTML comments, no steganography, no obfuscation
✓ No sensitive paths (~/.ssh, ~/.aws, .env) accessed anywhere