Knowledge Agent
v1.0.0Build a knowledge consultant Agent on OpenClaw — turn your expertise into a 24/7 AI assistant that serves clients via Feishu groups. Use when: (1) Creating a...
⭐ 0· 52·0 current·0 all-time
bysimonlin@simonlin1212
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (build a consulting Agent for Feishu) matches the included artifacts: templates, references, and a workspace setup script. Required capabilities (creating files under ~/.openclaw, editing openclaw.json, installing a search skill) are consistent with the goal of deploying a chat bot for Feishu groups.
Instruction Scope
The SKILL.md is prescriptive about creating an independent workspace, populating AGENTS.md/SOUL.md/IDENTITY.md/MEMORY.md and changing OpenClaw channel config (openclaw.json) to allow no-@ replies. Those instructions are within scope, but they do require changing a global OpenClaw config (groupPolicy/requireMention) which can affect all groups if you choose the 'open' option. The skill also directs installing a search skill (web access) — appropriate for the goal but worth auditing which search skill is being installed.
Install Mechanism
There is no remote install/download. The only executable artifact is a small local setup shell script that copies templates into a workspace under ~/.openclaw. No external URLs, package downloads, or archive extractions are performed by the script.
Credentials
The skill declares no environment variables, no credentials, and no external endpoints in its files. The setup script writes under ~/.openclaw and templates reference local tool permissions and web_search; those are proportional to creating an Agent that reads local knowledge and performs web lookups.
Persistence & Privilege
The skill is instruction-only and does not request always:true or any elevated persistent privileges. It does instruct you to modify OpenClaw configuration and restart the gateway if you want no-@ behavior; this is an expected operational step, not an escalation by the skill itself.
Assessment
This skill appears to be what it says: a set of templates, guidance, and a small script to create an isolated consulting Agent workspace. Before installing or using it, consider the following:
- Review templates and generated AGENTS.md carefully. The skill requires you to place safety constraints in AGENTS.md; verify those constraints actually match your legal/privacy needs.
- Be cautious about changing openclaw.json to 'groupPolicy: "open"' — that will make the bot reply in every group it's added to and can cause privacy or accidental replies. Prefer an allowlist or per-group overrides if you want more control.
- The skill recommends installing an 'api-multi-search-engine' search skill which provides web access. Confirm the provenance and permissions of any search skill you add (which sites it fetches, whether it requires API keys, and how results are used).
- The setup script writes files under ~/.openclaw/workspace-<agentId>. Check the files it creates and any placeholder substitutions before registering the agent.
- Test the Agent in a controlled group with known users and test prompts (including prompts that try to exfiltrate or change configuration) to validate the 'no file sharing' and 'no self-modification' constraints operate as intended.
Overall, the package is coherent and proportionate to its stated purpose; the main operational risks are configuration choices you make (global open group policy, which search skill to install) rather than anything hidden in the skill itself.Like a lobster shell, security has layers — review code before you run it.
latestvk9763q1tppvmw3cyhw469bghxn84a05f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.