iflow-nb
Review
Audited by ClawScan on May 10, 2026.
Overview
This is mostly a coherent iflow knowledge-base integration, but it needs review because it can perform no-confirm knowledge-base deletions and can send the API key to an undeclared override endpoint.
Before installing, confirm that you trust iflow with the files, URLs, notes, and generated outputs you plan to store. Avoid setting IFLOW_BASE_URL unless you fully trust the endpoint. For deletes, batch deletes, shares, and generation from a large notebook, ask the agent to show the selected knowledge base and files and get your confirmation first.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could delete one or many files from an iflow knowledge base without asking for a final confirmation inside the script.
The documented deletion examples use --force, and the script defines --force as skipping deletion confirmation. That makes irreversible knowledge-base file deletion easier to run without a separate review step.
python pipeline_file_management.py delete --kb "竞品分析" --file "旧版报告" --force
python pipeline_file_management.py batch-delete --kb "竞品分析" --files "test_001,test_002" --force
...
parser.add_argument("--force", action="store_true", help="跳过删除确认")
Do not use --force by default. Require the agent to show the matched files and get explicit user confirmation before delete or batch-delete operations.
A slightly ambiguous knowledge-base name could cause changes to be applied to a different notebook than the user intended.
If an exact knowledge-base name is not found, the shared helper returns the first fuzzy match. Mutating workflows that call this helper can then upload, rename, delete, generate from, or share the wrong knowledge base.
# Fuzzy fallback
if items:
    actual = items[0]
    log(f'模糊匹配到知识库「{actual["name"]}」')
    return actual["code"]
Require exact knowledge-base IDs or ask the user to confirm the selected knowledge base before any upload, delete, rename, share, or generation action.
If IFLOW_BASE_URL is accidentally or maliciously set to another host, the iflow API key could be sent outside the expected service boundary.
The bearer API key is attached to requests sent to BASE_URL, and BASE_URL can be overridden through IFLOW_BASE_URL even though the registry declares only IFLOW_API_KEY and the setup text emphasizes the official iflow endpoint.
base_url = os.environ.get("IFLOW_BASE_URL", "https://platform.iflow.cn")
...
SESSION.headers.update({
    "Authorization": f"Bearer {API_KEY}",
Declare IFLOW_BASE_URL if it is intentional, warn users about it, and preferably validate or allowlist official iflow API hosts before sending Authorization headers.
Reports, PPTs, podcasts, or videos may be generated from all files in a notebook, including sensitive files the user did not specifically mention.
The generation workflow can use every file in the selected knowledge base when the user does not specify a narrower file list. This is coherent for a knowledge-base generator, but it is broad reuse of persistent stored content.
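Each element in the `files` array... ... | `files` | array | No | List of reference files. **If omitted, all files in the knowledge base are used** | ... When the user does not specify files, **there is no need to ask**; use all files directly.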
For sensitive notebooks, specify the exact files to use or ask the agent to list and confirm the source files before generation.
Personal notes or expense-like records may be uploaded to iflow rather than kept only in the local chat.
The skill is designed to persist quick personal notes into a remote knowledge base, including automatically matching or creating a notebook. This is purpose-aligned, but users should understand the data is being stored remotely.
You: Record that I spent $50 on lunch today. ... The agent auto-matches (or creates) the right notebook and imports via Pipeline 3.
Use this skill only for information you are comfortable storing in the iflow knowledge base, and ask which notebook will be used when the content is sensitive.
