Pinecone Search
Pinecone vector search tool for searching local knowledge base
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 168 · 0 current installs · 0 all-time installs
by @deki18
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description (Pinecone vector search) align with the code and SKILL.md: the skill requires Pinecone and an embedding API to perform vector searches. However, the registry metadata claims no required env vars or config paths while both SKILL.md and search_tool.py clearly require PINECONE_API_KEY, EMBEDDING_API_KEY, EMBEDDING_BASE_URL and optionally INDEX_NAME/NAMESPACE/.env — this metadata omission is inconsistent and could mislead users about what credentials are needed.
Instruction Scope
SKILL.md and the Python code confine behavior to: loading a local .env (from the skill directory), calling an embedding API (OpenAI-compatible) to create an embedding, and querying a Pinecone index. The instructions do not direct the agent to read arbitrary unrelated files or exfiltrate data to unexpected endpoints beyond the embedding base URL and Pinecone API.
Install Mechanism
There is no registry install spec (no files are downloaded automatically). SKILL.md recommends 'pip install openai pinecone-client', which is a normal and proportional dependency for this functionality. No unusual download URLs or archive extraction are present.
Credentials
The skill legitimately needs PINECONE_API_KEY and an embedding API key and base URL to operate. However, the skill's declared registry requirements list no env vars or primary credential, while SKILL.md and the code request API keys. This mismatch is a red flag: the metadata should declare required credentials so users understand the blast radius before granting them. Also the code will print tracebacks and returned metadata which could reveal index/document identifiers — consider data leakage risk.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and has no special system persistence. It runs as an invoked tool and only accesses its own .env in the skill directory and network APIs.
What to consider before installing
This skill's behavior (SKILL.md + Python code) is coherent with a Pinecone + embedding search tool, but the registry metadata failing to declare required environment variables is concerning. Before installing or providing keys: (1) verify and trust the skill source — there is no homepage or known owner link; (2) do not reuse production/unscoped API keys — use short-lived or least-privilege keys and put the skill in a sandbox; (3) inspect the included search_tool.py (you already have it) to confirm no hidden endpoints; (4) be aware the tool will call an embedding provider and Pinecone (network traffic will contain query text and may include returned metadata); (5) rotate/revoke keys after testing. If you want higher assurance, ask the publisher to correct the package metadata to list required env vars and to provide a canonical homepage or source repository.
Like a lobster shell, security has layers — review code before you run it.
Current version: v0.1.1
SKILL.md
Pinecone Search
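Pinecone vector search tool for searching specifications, standards, construction documents and similar material in a local knowledge base.
Installation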
pip install openai pinecone-client
cp config.example.env .env
# Edit the .env file and fill in your API keys
Configuration
Edit the .env file:
PINECONE_API_KEY=your_pinecone_api_key
EMBEDDING_API_KEY=your_embedding_api_key
EMBEDDING_BASE_URL=https://api.openai.com/v1
EMBEDDING_MODEL=text-embedding-3-large
INDEX_NAME=your-index-name
NAMESPACE=
Usage
python search_tool.py "查询内容"
python search_tool.py "查询内容" --top-k 5
Trigger keywords
- 规范、标准 (specification, standard)
- 查询资料、知识库 (look up material, knowledge base)
Example
python search_tool.py "混凝土浇筑标准是什么?"
Output:
🔍 正在搜索: 混凝土浇筑标准是什么?
============================================================
【结果 #1】
匹配度: 0.8934
来源: 施工规范_2024.pdf
内容:
混凝土浇筑应符合以下标准...
------------------------------------------------------------
