个人知识库 - 融合向量检索、实体关系、笔记管理
Security Analysis
medium confidenceThe SKILL.md claims a local personal knowledge-base but instructs running a specific Python script and touching user home directories without providing the script, required binaries, or clear configuration — the instructions and declared requirements are inconsistent.
The skill describes a personal knowledge base (vector search, entities, notes) but declares no required binaries or files while the instructions explicitly call a Python script (vector_kb.py) at a hard-coded path. That script is not included and no Python requirement is declared, so the claimed capability cannot be realized as described.
Runtime instructions tell the agent to read and write files under user home paths (~/.openclaw and C:\Users\Administrator\...), add files to an Obsidian directory, and extract entities. Those actions involve accessing local filesystem data and modifying user notes; the instructions give broad filesystem targets and hard-coded, platform-specific paths (Windows Administrator) rather than a configurable vault path.
There is no install spec (instruction-only), which limits installer risk. However, the runtime depends on a local script that is not provided; the absence of an install step or included code means the skill will either fail at runtime or rely on pre-existing, opaque local scripts.
The skill requests no credentials or environment variables (reasonable), but it also fails to declare the need for Python or any NLP/embedding service keys that entity extraction or vector indexing might require. The lack of declared dependencies is inconsistent with the described functionality.
always:false and no special OS restrictions are set. The skill does instruct filesystem writes at runtime, but it does not request permanent elevated platform privileges in its metadata.
Guidance
This skill's instructions expect a local Python script (C:\Users\Administrator\.openclaw\scripts\vector_kb.py) and write/read locations under ~/.openclaw and an Obsidian vault, but the package contains no code and declares no dependencies. Before installing or using it: (1) ask the publisher for the actual script/source and an install plan; (2) do not run commands that write into your home or notes until you inspect the script contents; (3) confirm which OS/path the skill targets (it mixes Windows and Unix paths) and request configurable vault paths; (4) ensure Python and any required NLP/embedding services are explicitly declared; (5) if you must test, run in a sandboxed account or VM and review the script for data-exfiltration or unexpected behavior.
Latest Release
v1.0.0
taizi-knowledge-base v1.0.0 - 首次发布,集成个人知识库管理功能。 - 支持向量检索、实体关系管理、笔记存储一体化。 - 提供便捷命令行操作:知识内容存入、检索、统计、添加笔记文件。 - 支持自动分块文本、实体关系抽取、文件索引检索。 - 统一管理知识数据,提升个人信息的组织与查找效率。
Popular Skills
Published by @tangepier-crypto on ClawHub
