ima wiki compiler
Pass
Audited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill
Name: ima-wiki-compiler
Version: 1.0.1
The skill automates knowledge base management on the IMA platform using shell commands (curl) and Python scripts to interact with the IMA OpenAPI. While the behavior is strictly aligned with the stated purpose of 'Wiki compilation' and includes sophisticated version control and error-handling logic (e.g., in SKILL.md and reference.md), the reliance on shell execution and network requests to handle API data and external URLs (urllib.request) represents a high-privilege capability. These mechanisms are plausibly needed for the task but constitute a significant attack surface, fitting the criteria for a suspicious classification despite the lack of clear malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the API key is over-scoped, the agent could read or modify more IMA knowledge-base content than the user intended.
The skill expects IMA OpenAPI credentials. This is consistent with its IMA knowledge-base purpose, but those credentials are sensitive and determine what the agent can access or change.
env:
  IMA_OPENAPI_CLIENTID: ima OpenAPI 客户端ID
  IMA_OPENAPI_APIKEY: ima OpenAPI API密钥
Use the least-privileged IMA API key available, limit it to the intended knowledge base or workspace if possible, and revoke or rotate it after use if it is temporary.
The agent may inspect many documents in the selected IMA knowledge base or folder while preparing the wiki.
The instructions direct the agent to enumerate and collect files from a specified knowledge base. This is central to wiki compilation, but it is a broad knowledge-base operation that should stay within user-approved scope.
If the user specifies a knowledge base (kb_id), use `get_knowledge_list` to browse it level by level and collect all files
Before invoking the skill, specify the exact knowledge base and folder boundaries, and review the displayed source list before allowing compilation or writes.
Generated wiki notes can be written into the user's IMA knowledge base and may remain there for future use.
The reference material documents a direct API write path for creating knowledge-base notes. This is expected for a wiki compiler, but it is persistent mutation authority.
For content < 3KB, write it directly using `import_doc` + `curl -d @filepath`, skipping the intermediate COS step.
Review generated content before writing, keep backups or version history where possible, and ensure the target folder is correct.
Mistakes, sensitive material, or untrusted web content could become part of a long-lived wiki and influence later answers.
The skill intentionally creates persistent knowledge artifacts that future answers may rely on. This is aligned with the product goal, but inaccurate, sensitive, or untrusted source material could be preserved and reused.
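The compiled Wiki is the "source of truth": the LLM performs its own retrieval and answers directly from its understanding of the Wiki's overall structure, and knowledge keeps accumulating and evolving within the system.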
Use trusted sources, mark or review any web-supplemented content, and verify the compiled wiki before treating it as authoritative.
The effective permissions and behavior may also depend on the separate ima-skill package.
The skill depends on another skill for note management and knowledge-base operations. The dependency is disclosed and purpose-aligned, but its own behavior is outside the provided artifacts.
requires:
  skills:
    - name: ima-skill
      reason: 本技能依赖 ima-skill 提供的笔记管理和知识库操作能力
Review the ima-skill dependency and its permissions before using this compiler on sensitive knowledge bases.
