ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenViking Light

v1.0.0

轻量级 RAG 知识库 — 基于 BM25 全文检索 + MiniMax LLM 生成回答。 纯本地 Python 实现,无需 embedding API,不需要下载模型。 触发:用户问"你记得之前..."、"查一下之前..."、"关于...的知识"等需要检索记忆的问题。

0· 5·0 current·0 all-time
by@melonbanjing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The README/SKILL.md emphasizes '纯本地' retrieval and '无需 embedding API', which is true for retrieval, but both ask.py and bm25.py call a remote MiniMax chat API and require MINIMAX_API_KEY/MINIMAX_API_HOST. The registry metadata lists no required environment variables or credentials, which contradicts the code. Requiring an external LLM API is plausible for generation but should be declared.
Instruction Scope
Runtime instructions and scripts operate on a local data path (~/.openviking/light/data/bm25_store.json) and implement BM25 search and CLI for add/search/ask. The ask/ask.py and bm25.py build prompts from retrieved content and POST it to the configured MiniMax endpoint; they do not access unrelated system paths. However, prompts and retrieved content are sent to an external host, so any sensitive content stored in the local JSON would be transmitted.
Install Mechanism
There is no formal install spec (instruction-only). At runtime the scripts attempt to auto-install 'jieba' via os.system pip calls if missing. Auto-installing packages at runtime is common but increases attack surface (network fetch + executing whatever is on PyPI) and should be disclosed and controlled.
!
Credentials
The skill files require MINIMAX_API_KEY and optionally MINIMAX_API_HOST, but the skill metadata declared no required env vars or primary credential. This is a direct mismatch. The number of secrets is small and appropriate for an LLM-backed generator, but they must be declared and the user informed that queries/contexts will be sent to the external MiniMax host.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and only writes to its own data directory under the user's home. No elevated privileges are requested.
What to consider before installing
This skill implements local BM25 retrieval but uses a remote MiniMax chat API for generation. Before installing: (1) expect to provide MINIMAX_API_KEY (not declared in metadata) — queries and retrieved context will be sent to the configured MINIMAX_API_HOST; do not store sensitive secrets or private data in the skill's JSON store unless you trust that endpoint. (2) The scripts auto-install 'jieba' via pip at runtime — consider pre-installing dependencies in a controlled environment. (3) If you want a truly offline solution, remove or modify the chat() calls to use a local model instead. (4) Ask the publisher to update the skill metadata to declare required environment variables and to document the network call to the MiniMax endpoint. If you don't trust the MiniMax provider or cannot provide a dedicated API key with limited scope, treat the generation feature as risky and use search-only commands instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dew8r6stfpywmq8e5jtrhz5842c9b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

OpenViking Light — 轻量 RAG 知识库

架构:BM25 全文检索(纯本地)+ MiniMax M2.7 LLM 生成回答

技术方案

组件方案优势
检索算法BM25(jieba 分词)纯本地、零依赖、准确
回答生成MiniMax M2.7智能回答
存储JSON 文件轻量、无数据库依赖

依赖

pip install jieba  # 中文分词(通常已内置)

API Key 从环境变量读取:

  • MINIMAX_API_KEY
  • MINIMAX_API_HOST(默认 https://api.minimaxi.com

工具

# 添加知识
python3 ~/.openclaw/workspace/skills/openviking-light/scripts/store.py \
  --content "内容文本" \
  --title "标题" \
  --level L2

# 搜索(仅检索,不生成)
python3 ~/.openclaw/workspace/skills/openviking-light/scripts/search.py \
  --query "关键词" \
  --limit 5

# RAG 问答(检索 + LLM 生成)
python3 ~/.openclaw/workspace/skills/openviking-light/scripts/ask.py \
  --query "用户问题" \
  --limit 5

知识库内容(2026-04-02)

共 12 条经典投资书籍框架:

#书名/框架核心指标
1格雷厄姆《聪明的投资者》格雷厄姆数、P/E、P/B、流动比率
2卡拉曼《安全边际》NCAV 净流动资产法、安全边际折扣
3巴菲特《给股东的信》ROE、护城河5来源、所有者收益
4彼得·林奇《成功投资》PEG、P/S、林奇6种股票分类
5费雪《超级强势股》P/S、Fisher Four M、RSI
6欧奈尔 CAN SLIMC/A/N/S/L/I/M 七项法则
7斯波朗迪 2B/123法则底部2B、顶部2B、趋势确认
8凯利公式与仓位管理最优仓位、分批建仓、2%止损
9《滚雪球》巴菲特传记复利三阶段、复利公式

Files

6 total
Select a file
Select a file to preview.

Comments

Loading comments…