Wiki Compiler

Advisory

Audited by static analysis on May 13, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may be able to read and modify IMA knowledge-base content according to the permissions of the supplied API key.

Why it was flagged

The skill requires IMA API credentials to access the user's IMA knowledge-base and note APIs.

Skill content
IMA_OPENAPI_CLIENTID: ima OpenAPI client ID; IMA_OPENAPI_APIKEY: ima OpenAPI API key
Recommendation

Use a scoped or revocable IMA API key, avoid pasting credentials into shared logs, and revoke the key if you no longer use the skill.

What this means

The agent may perform API operations against a selected knowledge base; mistakes in target IDs or scope could affect the wrong workspace content.

Why it was flagged

The instructions show direct API calls and local command snippets for listing, exporting, and updating IMA wiki/note content.

Skill content
curl -s -X POST "https://ima.qq.com/openapi/wiki/v1/get_knowledge_list" ... python3 -c
Recommendation

Confirm the target knowledge_base_id or note_id before allowing write/update actions, and review generated content before it is saved.

What this means

Private or inaccurate source material could become part of a persistent guide and influence future answers.

Why it was flagged

The skill intentionally turns source materials into persistent wiki content that may be reused as a knowledge source in later work.

Skill content
The compiled Wiki is the "source of truth"... Knowledge continuously accumulates and evolves in the system.
Recommendation

Only include sources you want preserved in the wiki, review the generated guide for sensitive or incorrect content, and keep clear source attribution.

Note: Medium Confidence
ASI10: Rogue Agents
What this means

A user might assume future updates are automatic or already approved.

Why it was flagged

The wording suggests recurring maintenance behavior, although the artifacts contain no scheduler, daemon, or autonomous background code.

Skill content
Step 5: Proactive maintenance and iteration — periodic checks and updates
Recommendation

Require explicit user approval before each maintenance run or knowledge-base update.