ima wiki 编译器
PassAudited by ClawScan on May 9, 2026.
Overview
This appears to be a legitimate IMA wiki-building skill, but it uses IMA API credentials to read and write persistent knowledge-base content, so users should scope and review its access before use.
Install only if you are comfortable giving the agent IMA OpenAPI access to the selected knowledge base. Use a limited API key, define the exact target knowledge base and folder, review the collected source list and generated wiki before writing, and verify any web-supplemented content.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the API key is over-scoped, the agent could read or modify more IMA knowledge-base content than the user intended.
The skill expects IMA OpenAPI credentials. This is consistent with its IMA knowledge-base purpose, but those credentials are sensitive and determine what the agent can access or change.
env: IMA_OPENAPI_CLIENTID: ima OpenAPI 客户端ID IMA_OPENAPI_APIKEY: ima OpenAPI API密钥
Use the least-privileged IMA API key available, limit it to the intended knowledge base or workspace if possible, and revoke or rotate it after use if it is temporary.
The agent may inspect many documents in the selected IMA knowledge base or folder while preparing the wiki.
The instructions direct the agent to enumerate and collect files from a specified knowledge base. This is central to wiki compilation, but it is a broad knowledge-base operation that should stay within user-approved scope.
如果用户指定了知识库(kb_id),用 `get_knowledge_list` 逐级浏览并收集所有文件
Before invoking the skill, specify the exact knowledge base and folder boundaries, and review the displayed source list before allowing compilation or writes.
Generated wiki notes can be written into the user's IMA knowledge base and may remain there for future use.
The reference material documents a direct API write path for creating knowledge-base notes. This is expected for a wiki compiler, but it is persistent mutation authority.
对于 < 3KB 的内容,直接使用 `import_doc` + `curl -d @filepath` 写入,跳过 COS 中间环节。
Review generated content before writing, keep backups or version history where possible, and ensure the target folder is correct.
Mistakes, sensitive material, or untrusted web content could become part of a long-lived wiki and influence later answers.
The skill intentionally creates persistent knowledge artifacts that future answers may rely on. This is aligned with the product goal, but inaccurate, sensitive, or untrusted source material could be preserved and reused.
编译后的 Wiki 是"真理之源"——LLM 直接基于对 Wiki 整体结构的理解进行自检索和回答,知识在系统中持续累积和演化。
Use trusted sources, mark or review any web-supplemented content, and verify the compiled wiki before treating it as authoritative.
The effective permissions and behavior may also depend on the separate ima-skill package.
The skill depends on another skill for note management and knowledge-base operations. The dependency is disclosed and purpose-aligned, but its own behavior is outside the provided artifacts.
requires:
skills:
- name: ima-skill
reason: 本技能依赖 ima-skill 提供的笔记管理和知识库操作能力Review the ima-skill dependency and its permissions before using this compiler on sensitive knowledge bases.