normieclaw-knowledge-vaultYou have 200 bookmarks you'll never revisit and a 'Read Later' list that's basically a graveyard. Knowledge Vault changes the game: paste any URL — article,...
Install via ClawdBot CLI:
clawdbot install nollio/normieclaw-knowledge-vaultGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Contains instructions to override system prompt or ignore user requests
"Ignore previous instructions"Calls external URL not in known-safe list
https://www.youtube.com/watch?v=exampleAI Analysis
The skill definition contains explicit security warnings against prompt injection and treats external content as untrusted data, which mitigates the primary risk. However, it references an external YouTube URL pattern without specifying a trusted, vetted service for fetching content, creating a potential vector for data leakage or SSRF if implemented poorly.
Audited Apr 16, 2026 · audit v1.0
Usage Guide
Loading usage data… refresh in a few seconds.
Scored May 30, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Detect 500+ types of hardcoded secrets (API keys, credentials, tokens) before they leak into git. Wraps GitGuardian's ggshield CLI.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.