Knowledge Curator
ReviewAudited by ClawScan on May 10, 2026.
Overview
This mostly looks like a local link-to-knowledge-base tool, but its instructions conflict about whether plain links are saved automatically, which could cause unexpected persistent storage.
Install only if you are comfortable with a local knowledge base that fetches and stores link content. Before use, confirm whether the skill requires an explicit save command or saves bare links automatically, and avoid archiving private pages or URLs containing tokens.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user might paste a link just to discuss it, but the skill may save the link and fetched content into the knowledge base if the agent follows the contradictory documentation.
This conflicts with SKILL.md, which says '单纯发送链接不会触发收藏,必须有明确的收藏意图'. The user and agent get inconsistent guidance on whether a bare link will be permanently saved.
### 保存内容 直接发送链接即可:
Clarify one trigger policy everywhere, preferably requiring an explicit save command before any persistent write.
The skill can contact URLs and create or change local knowledge-base files when invoked.
The skill discloses network fetching, local script execution, and filesystem writes. These are expected for the stated function, but they are sensitive capabilities.
依赖 - `web_fetch` 工具:抓取网页内容 - `exec` 工具:运行 Node.js 脚本 - 文件系统:存储知识库
Use it only for links you intend to archive, and review delete/export actions before running them.
Sensitive links, access tokens in URLs, or untrusted webpage text may be retained and reused later as context.
A sample saved entry persists the original URL including query parameters, along with page content and comments. This matches the purpose, but tokenized/private links can remain in the local knowledge base and later be returned in searches or exports.
**原始链接**: https://www.xiaohongshu.com/explore/69b23af20000000023039920?xsec_token=...
Avoid saving private/tokenized URLs, consider stripping tracking or access parameters before saving, and treat retrieved webpage content as untrusted source material.
Users have less external provenance information for deciding whether to trust the skill.
The package has included source files and no external dependencies, but provenance is not clearly identified in the supplied metadata.
Source: unknown Homepage: none
Prefer a verified source/homepage or review the included scripts before installation.