Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
《毛选》1-7卷文本查询
v1.0.1触发:当用户要检索《毛泽东选集》全文、按卷或文章定位原文、按标题/关键词找内容时使用。此 skill 适用于 OpenClaw,本地默认使用结构化检索与关键词检索;只有在配置文件显式开启后,才使用向量召回和重排组成的混合检索。
⭐ 0· 149·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, included data/ corpus and the search/build_index scripts align with a local retrieval/search skill for 《毛泽东选集》. The code and docs describe building a local SQLite/FTS index and optional vector indexes — these are expected for the stated purpose.
Instruction Scope
SKILL.md limits external calls to an opt-in RAG mode (rag.enabled) and documents local-only defaults. However the runtime instructions include commands to 'test-model', enable 'rag.enabled' and set API keys; those commands will cause network calls outside of the local corpus if enabled. The instructions otherwise stay within the stated retrieval scope and reference only the local data/ directory.
Install Mechanism
No install spec is declared (instruction-only install). The skill includes Python scripts (build_index.py, search.py, etc.) and reads local Markdown files — no dubious remote download/install behavior is declared.
Credentials
The manifest declares no required env vars, but SKILL.md recommends MAO_SKILL_API_KEY for embeddings and documents that embedding/rerank configuration will inherit rag.api.base_url and rag.api.api_key_env by default. Automatically inheriting a global rag.* API key setting is disproportionate: it risks the skill using platform/global credentials without a clear explicit opt-in. Also the SKILL.md example default base_url (https://api.siliconflow.cn/v1) is a third‑party endpoint; if enabled it would send text/embeddings to an external service. Require explicit, per-skill credential configuration rather than implicit inheritance.
Persistence & Privilege
always is false and there is no install routine that requests permanent system-wide presence or writes to other skill configs. The skill stores and reads its own data/ and config/search.json only.
What to consider before installing
This skill appears to be a local search tool over the included corpus and is coherent with that purpose — but pay attention before enabling the hybrid/vector (RAG) mode. By default the SKILL.md states it operates locally, but if you turn on rag.enabled the scripts will call embedding/reranker APIs and will look for an API key. Two things to check before installing or using:
- Keep rag.enabled false unless you intentionally want remote embedding/reranking. With rag.enabled=false the skill uses local FTS/lexical search only.
- If you do enable rag, set a dedicated environment variable (e.g., MAO_SKILL_API_KEY) and a dedicated base_url for only this skill. Do NOT let the skill inherit a platform-wide rag.api.api_key_env value — that could expose a global/API key used by other integrations. Confirm config/search.json is edited to point to a credential you control.
- Inspect the scripts (scripts/search.py, build_index.py, common.py) to confirm precisely what is sent to the remote endpoint (full text, excerpts, or just hashes). If you are privacy-sensitive, keep RAG disabled or run embedding with a local model/provider you trust.
- Note the skill includes ~400 local Markdown files (large corpus). Confirm you are allowed to host/use this corpus and that local storage use is acceptable.
If you want, I can (a) scan the scripts to list exact network calls/endpoints and what payloads they transmit, or (b) suggest exact config edits to ensure the skill never uses external API keys unless you explicitly set them.Like a lobster shell, security has layers — review code before you run it.
latestvk972chd63dkerdgyszbmacs78984fp1n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.