librarian companion v1.0.1
Conversational interface for semantic book search (companion skill for Librarian project)
by Nicholas Frota (@nonlinear)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious · medium confidence

Purpose & Capability
The skill's name/description (conversational interface for the Librarian project) matches the included files: a Bash wrapper and a Python formatter that call the Librarian engine's research.py. This companion behavior is coherent. However, SKILL.md documents Python runtime dependencies (sentence-transformers, torch, faiss-cpu) while the registry metadata lists no required binaries; the shell script also calls jq but jq is not declared anywhere. These mismatches are implementation/packaging inconsistencies.
Instruction Scope
Instructions confine activity to local files (e.g., .library-index.json, .topic-index.json, and engine/scripts/research.py). The SKILL.md explicitly forbids web-search fallbacks and enforces 'hard stops.' That keeps scope narrow. Minor concerns: the wrapper uses eval to run the escaped command string and creates a /tmp JSON file (deleted afterwards) — the code attempts safe quoting (printf '%q') but relying on eval introduces a small execution-surface risk if escaping is broken or inputs are crafted unexpectedly.
Install Mechanism
No install spec is provided (instruction-only style), which avoids arbitrary remote downloads. The skill expects the upstream Librarian project to be installed (README instructs cloning into ~/Documents/librarian or symlinking the skill). However, the Python dependencies declared in SKILL.md are heavy (torch, sentence-transformers, faiss) and the wrapper relies on the jq binary without declaring it — packaging/install instructions are incomplete.
Credentials
The skill does not request environment variables, credentials, or external tokens. It exports a local LIB_INDEX path for internal use; otherwise, it reads local repo paths and library indexes. No evidence of requesting unrelated secrets or network credentials.
Persistence & Privilege
The always flag in the registry metadata is false, and the skill does not request persistent system privileges. README suggests optional symlinking into the user's OpenClaw skills directory (normal for a companion skill). The skill does not modify other skills' configs or request elevated privileges.
What to consider before installing
This skill is a local wrapper for the Librarian project and appears to act only on files in your local Librarian repo. Before installing:
1) Confirm you actually have the Librarian project installed where the skill expects it (~/Documents/librarian or via the recommended symlink), and that engine/scripts/research.py is trustworthy.
2) Install and verify the declared Python deps (sentence-transformers, torch, faiss-cpu), as they are heavy and can be surprising to pull in.
3) Ensure jq is installed on the host (the bash wrapper uses jq but does not declare it).
4) Review the wrapper scripts (librarian.sh and librarian.py) locally — they execute a subprocess and use eval for the constructed command string; although the code attempts safe quoting, malformed inputs could be risky.
5) If you want extra safety, run the skill in an isolated environment or verify the upstream GitHub repo and its research.py before giving it access to your library.
The inconsistencies in declared requirements and the use of eval are reasons to audit before trusting it fully.
latest: vk9701gnyhcrs8d26dgpxqp7e1n81krm6 · stable: vk97cknytq897fsp0g1t24q0cfd81kbar
