ima skills
Warn
Audited by ClawScan on May 10, 2026.
Overview
This IMA skill mostly matches its stated notes and knowledge-base purpose, but its credentialed API helper can be redirected away from ima.qq.com, so it should be reviewed before use.
Use this skill only if you trust the IMA/OpenAPI integration and need the agent to manage your notes or knowledge base. Before use, verify that IMA_BASE_URL is not set to an unexpected domain, protect your IMA API key/config files, and review any note writes or file uploads before approving them.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the environment or command options are manipulated, the user's IMA Client ID and API Key could be sent to a non-IMA server.
The helper sends IMA credentials to whichever baseUrl is supplied through options or IMA_BASE_URL, rather than enforcing the documented ima.qq.com destination.
const baseUrl = options.baseUrl || process.env.IMA_BASE_URL || DEFAULT_BASE_URL; ... const res = await fetch(`${baseUrl}/${apiPath}`, { ... headers: { 'ima-openapi-clientid': clientId, 'ima-openapi-apikey': apiKey, ... } })
Remove or strictly allowlist the baseUrl override for normal use; users should verify that IMA_BASE_URL is unset or points only to the official IMA endpoint before using the skill.
The agent can create notes or append content to existing notes in the user's IMA account.
The skill can persistently modify existing user notes, but it explicitly labels this as sensitive and requires confirmation when the target note is unclear.
`append_doc` will **irreversibly modify** the user's existing notes, so it must be handled with care ... if the user has not explicitly specified the target note: **confirm with the user first**
Only allow note writes when the target and content are clear, and review append operations carefully because they may not be reversible.
Selected local file contents may leave the device and be stored in the user's IMA knowledge base.
The skill supports uploading local files to IMA knowledge bases via Tencent COS; this is central to its purpose and includes preflight and duplicate-handling gates.
Upload files to the knowledge base ... `check_repeated_names` → `create_media` → COS Upload → `add_knowledge` ... `node ... cos-upload.cjs --file "/path/to/report.pdf"`
Upload only files the user explicitly selected, confirm the destination knowledge base, and avoid sending sensitive files unintentionally.
A server-provided update message could influence what the agent says or does if the agent treats it as an instruction.
The automatic update check can return provider-supplied instruction text to the caller; it is not executed as code, but an agent should treat it as data rather than authoritative task instructions.
const instruction = (updateResp.data && updateResp.data.instruction) || ''; ... process.stdout.write(JSON.stringify(updateContext)); ... err.msg = `发现新版本 skill:${latestVersion}...${instruction || '请更新。'}`
Treat update messages as informational notices only, and do not let remote update text override the user's current task.
The skill leaves a small local timestamp file after use.
The helper persists only a timestamp for update checks under the user's IMA config directory; no background execution or self-maintaining process is shown.
const DEFAULT_LAST_CHECK_FILE = path.join(os.homedir(), '.config/ima/last_update_check'); ... fs.writeFileSync(lastCheckFile, today, 'utf8');
This is low risk, but users who want no local traces can remove ~/.config/ima/last_update_check.
