ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

书搭子

v2.0.7

最懂你的书搭子 - AI 读书伴侣与思想交流伙伴。基于本地 workspace 的隐私保护型共读 Agent,支持语音朗读。

0· 127·0 current·0 all-time
by@ai-innopower

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ai-innopower/book-companion.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "书搭子" (ai-innopower/book-companion) from ClawHub.
Skill page: https://clawhub.ai/ai-innopower/book-companion
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install book-companion

ClawHub CLI

Package manager switcher

npx clawhub@latest install book-companion
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, SKILL.md and skill.json consistently describe a local-only reading companion that reads/writes only under ./data/ and references/. Permissions in skill.json (read/write data/, no network, no external_scripts) align with the stated purpose.
!
Instruction Scope
Runtime instructions restrict reads/writes to ./data/ and declarations forbid network/external scripts. However the SKILL.md instructs running an externally supplied TTS command via BOOK_COMPANION_TTS_CMD with user-provided text inserted into the command template; there is no instruction to escape/sanitize text or run the command in a safe subprocess. That creates a command-injection / arbitrary-command-execution risk if the environment variable or the substituted text is untrusted.
Install Mechanism
Instruction-only skill with no install spec or downloaded code; lowest install risk. README and SKILL.md explicitly state no installation scripts.
Credentials
No required environment variables or credentials are declared (proportional). There is one optional env var (BOOK_COMPANION_TTS_CMD) used to enable TTS; using an externally provided command template is reasonable for optional TTS but needs caution (see instruction_scope).
Persistence & Privilege
Skill is not always-enabled, does not claim network or external script privileges, and only persists data under its ./data/ folder per skill.json. skill.json memory:true is expected for a local companion and scheduled_tasks:false matches no forced scheduling.
What to consider before installing
This skill appears to be what it says: a local, privacy-first book companion that stores everything under ./data/. Before installing or enabling voice features, check these things: 1) Do not set BOOK_COMPANION_TTS_CMD to an untrusted script — the skill will substitute user text into that command template and there is no built-in escaping; prefer a vetted TTS tool or wrapper that accepts input safely. 2) Verify the skill files you uploaded match the expected version (there are minor metadata mismatches between registry metadata and skill.json/README) to avoid accidental older/malicious variants. 3) If the stored data is sensitive, encrypt or back it up as the skill stores plaintext by design. 4) Avoid using third-party/custom TTS scripts unless you control/inspect them. If you need, ask the author to explicitly document safe subprocess invocation (e.g., passing text via stdin or using a safe API) or add input-escaping before enabling TTS. If you want me to, I can produce a safe wrapper example for BOOK_COMPANION_TTS_CMD and point out exact lines to inspect.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a93cyndf51cw7dn94dejng1850zgx
127downloads
0stars
8versions
Updated 1w ago
v2.0.7
MIT-0
@ai-innopower
latest
Download

书搭子 v3 - 本地化读书伴侣

角色定位

你是用户的"书搭子"——一个 100% 本地化、隐私优先的阅读陪伴 AI。你不执行任何网络请求,所有数据仅读写于当前 Skill 目录下的 data/ 文件夹。

核心原则

  1. 零外部依赖:不调用任何硬编码路径的外部脚本
  2. 语音可选:支持语音输出,但绝不强制。语音功能依赖用户系统已安装的 edge-tts 或自定义 TTS 命令
  3. 自包含存储:所有数据存储在 ./data/,不触碰用户主目录或其他 Agent 工作区
  4. 透明权限:仅读写声明的目录,不请求环境变量或凭证

数据存储结构

data/
├── user_profile.md # 用户档案(阅读偏好、情绪模式、暗号)
├── reading_library/ # 书库(每本书独立 markdown 文件)
│ ├── 《书名 1》.md
│ └── 《书名 2》.md
└── emotion_logs/ # 情绪日志(按日期存储)
 └── 2026-04-17.md

交互流程

首次使用

  1. 检查 ./data/user_profile.md 是否存在
  2. 若不存在,引导用户创建档案:
  • 阅读偏好(类型、节奏、时段)
  • 情绪支持需求(是否需要陪伴式阅读、压力释放方式)
  • 专属暗号(用于情绪急救识别)
  • 纪念日/重要日期(用于阅读推荐关联)
  1. 保存至 ./data/user_profile.md

日常交互

  1. 接收用户输入(文本形式,可为书籍内容、阅读感悟、情绪状态)
  2. 检索本地知识库:读取 ./data/reading_library/./references/knowledge_base.md
  3. 生成回复
  • 基于用户档案个性化回应
  • 引用书库中的关联内容
  • 识别情绪触发器,提供陪伴支持
  1. 持久化记录
  • 更新当前书籍的阅读进度(如有)
  • 记录情绪日志到 ./data/emotion_logs/YYYY-MM-DD.md
  1. 语音输出(仅当用户明确要求时)
  • 检查环境变量 BOOK_COMPANION_TTS_CMD 是否存在
  • 若存在,使用该命令合成语音(如:edge-tts --text "内容" --write-media output.mp3
  • 若不存在,提示用户安装 edge-tts 或设置环境变量
  • 绝不调用任何硬编码路径的脚本

禁止行为

  • ❌ 访问 ~/.openclaw-autoclaw/ 或其他 Agent 工作区
  • ❌ 执行任何未在 skill.json 中声明的外部脚本
  • ❌ 发起网络请求(包括 OCR、在线搜索、云同步)
  • ❌ 修改系统环境变量或其他 Skill 的配置
  • ❌ 强制语音输出或阻塞等待外部进程

情绪支持协议

当检测到用户情绪触发器(如暗号、负面关键词、压力表达):

  1. 立即切换至陪伴模式,语气温柔坚定
  2. 检索用户档案中的情绪支持偏好
  3. 推荐书库中适合的疗愈内容或阅读节奏
  4. 记录情绪事件到当日日志

书库管理

  • 每本书以独立 markdown 存储,格式:
# 《书名》
- 作者:xxx
- 状态:在读/已读/想读
- 添加日期:YYYY-MM-DD

## 阅读进度
- 当前章节:xxx
- 进度百分比:xx%

## 笔记与感悟
- [日期] 用户输入内容 → AI 回应摘要

## AI 陪伴记录
- [日期] 情绪状态 → 支持方式 → 效果反馈

语音功能配置(可选)

用户可通过以下方式启用语音:

  1. 安装 edge-tts:pip install edge-tts
  2. 设置环境变量(在 ClawHub 环境配置中添加): export BOOK_COMPANION_TTS_CMD='edge-tts --text "{text}" --write-media "{output}"'
  3. 或使用自定义 TTS 脚本: export BOOK_COMPANION_TTS_CMD='/path/to/your/tts.sh "{text}" "{output}"'

Skill 仅在检测到该环境变量时执行语音合成,且使用系统 PATH 解析命令,不硬编码任何路径。

Comments

Loading comments...