ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Knowledge Chat

v1.0.2

Knowledge Chat 知识库对话助手 - 支持连接外部知识库、语义搜索、上下文对话、图片/附件理解。具备思考进度提示、Markdown渲染、后续建议、向量索引构建等功能。

0· 130·0 current·0 all-time
by@franksteinwen007-git

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for franksteinwen007-git/knowledge-chat.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Knowledge Chat" (franksteinwen007-git/knowledge-chat) from ClawHub.
Skill page: https://clawhub.ai/franksteinwen007-git/knowledge-chat
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install knowledge-chat

ClawHub CLI

Package manager switcher

npx clawhub@latest install knowledge-chat
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code files and SKILL.md implement a knowledge-base chat, semantic search, multimodal uploads, and RAG-style behavior as described. However the registry metadata declares no required environment variables or primary credential while the documentation and code clearly expect a DASHSCOPE_API_KEY / API key for an external AI service, which is an inconsistency that should have been declared.
Instruction Scope
Runtime instructions are focused on deploying a Next.js app and setting DASHSCOPE_API_KEY, and the code shows expected behavior (POSTs to knowledge/chat/search endpoints, file reading for search, base64-encoding images for multimodal requests). The instructions do not ask the agent to read unrelated system files or secrets, but the connector will read files you point it at and will upload file contents/images to the target API—this is expected for the feature but materially affects data exposure.
Install Mechanism
There is no install spec in the registry (instruction-only). The included setup.sh only installs common npm packages (react-markdown, remark-gfm) and checks for Node.js; there are no downloads from obscure URLs or archive extraction operations in the package that would write arbitrary code to disk beyond typical dependency installs.
!
Credentials
The SKILL.md and Python scripts require an API key (DASHSCOPE_API_KEY / api_key) to call an external Dashscope endpoint. That credential is appropriate for the described functionality, but the registry metadata fails to declare it. The scripts also accept an arbitrary base_url—if a user configures that to a malicious endpoint, documents/images uploaded will be sent there. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It appears to run as a normal, user-invoked skill without elevated or persistent platform privileges.
What to consider before installing
Key things to consider before installing or running this skill: - The SKILL.md and scripts require an API key (DASHSCOPE_API_KEY) though the registry metadata did not declare it — treat that as a metadata omission and expect to supply a key. - The connector will send uploaded files, images (base64), and any local files you point it at to the configured external endpoint (default: dashscope.aliyuncs.com). Do not upload sensitive or confidential documents unless you trust and have reviewed the target service and its data handling policy. - The connector accepts a configurable base_url; ensure you set it only to trusted endpoints. A malicious base_url would receive whatever content the skill sends. - Review the included scripts (scripts/kb_connector.py and references/kb_connector.py) yourself before running; they are short and readable. If you must run, do so in an isolated/test environment first. - Be cautious running scripts/setup.sh directly: it runs npm install and only warns about the DASHSCOPE_API_KEY. Confirm package.json/dependencies in your deployment context and consider running in a container. - If you plan to deploy in production, restrict the API key scope, rotate keys, and verify the vendor (Dashscope/Aliyun endpoint) and privacy terms. Also ask the skill author/owner to update registry metadata to list required env vars and the homepage/source for accountability.

Like a lobster shell, security has layers — review code before you run it.

latestvk974n53ehjwm7zg7ywq9m6517984r3tj
130downloads
0stars
2versions
Updated 2w ago
v1.0.2
MIT-0
@franksteinwen007-git
latest
Download

Knowledge Chat 知识库对话助手 v1.0.2

📋 版本更新

v1.0.2 新增功能 (2026-04-13)

  • 向量索引构建 - 知识库管理界面新增"索引"按钮,手动构建向量索引
  • PDF 内容解析 - pdf-parse v1.1.1 正确解析 PDF 内容
  • 语义搜索优化 - 检索数量从 5→10,阈值从 0.3→0.25,内容更全面
  • 回复更详细 - 更新 system prompt,回复更详细完整,包含引用原文
  • 嵌入 API 修复 - 批次大小改为 10,符合 Dashscope API 限制

v1.1.0 新增功能 (2026-04-13)

  • 思考进度条 - 发送消息时显示"正在思考中..."动画,实时反馈
  • Markdown 正确渲染 - 表格、列表、引用块、代码块完美显示
  • 后续建议 - AI 自动生成 2-3 个相关追问,引导深入探索
  • 图片/附件支持 - 发送图片和文档,AI 自动理解内容
  • 紧凑 UI 布局 - 100% 缩放即可查看完整界面,无需拖动

🎯 功能概述

Knowledge Chat 是一个专业的知识库对话助手,具备以下核心能力:

功能模块说明
知识库连接连接外部知识库 API,支持多种认证方式
语义搜索基于 RAG 的智能检索,比关键词搜索更精准
上下文对话多轮问答,记住对话历史
多模态理解支持图片、文档附件,AI 自动分析内容
来源标注回答末尾标注信息来源(文件名/网页链接)

🚀 使用场景

  1. 企业知识库接入
  2. 智能问答系统
  3. 文档检索助手
  4. RAG (检索增强生成) 应用
  5. 多模态内容分析

📁 项目结构

knowledge-chat-skill/
├── SKILL.md              # 技能说明文档
├── README.md             # 项目简介
├── references/           # 参考资料
│   └── kb_connector.py   # 知识库连接示例
├── scripts/              # 脚本文件
│   └── setup.sh          # 安装脚本

🔧 核心技术栈

技术用途
Next.js 14前端框架
TypeScript类型安全
Tailwind CSSUI 样式
Dashscope APIAI 模型(qwen-plus, qwen-vl-max)
SQLite + better-sqlite3本地数据库
react-markdownMarkdown 渲染
remark-gfmGitHub Flavored Markdown

💡 API 端点

聊天相关

  • POST /api/chat/messages - 发送消息(支持附件)
  • GET /api/chat/sessions - 获取会话列表
  • GET /api/chat/sessions/:id/messages - 获取历史消息
  • POST /api/chat/upload - 上传图片/文件
  • GET /api/chat/files/:fileId - 获取文件

知识库相关

  • GET /api/knowledge - 知识库列表
  • POST /api/knowledge/:id/upload - 上传知识文档
  • POST /api/knowledge/:id/ingest - 解析知识内容

🎨 UI 功能详解

1. 思考进度条 (ThinkingIndicator)

发送消息后,显示三个弹跳圆点动画 + "小新正在思考中..." 提示,让用户知道 AI 正在处理。

2. Markdown 渲染器 (MarkdownRenderer)

  • 自动转换 <br> 为换行
  • 表格:带边框、悬停高亮
  • 列表:每项独立一行,带图标
  • 代码块:语法高亮背景
  • 引用块:左侧彩色边框

3. 后续建议 (FollowUpQuestions)

AI 在回答末尾生成 2-3 个相关问题,用户点击可直接发送,无需手动输入。

4. 文件上传 (FileUpload)

  • 图片:支持 JPG/PNG/GIF,显示预览
  • 文档:txt/md/pdf 等,自动读取内容
  • 限制:单文件最大 10MB

🔐 安全说明

  • 所有文件上传需登录验证
  • 文件大小限制 10MB
  • 图片支持格式:JPG, PNG, GIF, WEBP
  • 文档支持格式:TXT, MD, PDF, DOC, DOCX

📊 数据库表

表名说明
chat_sessions对话会话
chat_messages对话消息
chat_files上传的文件附件
knowledge_base知识库配置
knowledge_files知识库文档

📝 示例对话

用户: 如何进行 Salesforce 数据备份?

小新:

## ✅ Salesforce 数据备份方案

**推荐方案:**

1. **OwnBackup** - 市场占有率第一
   - 自动化备份
   - 一键恢复
   - 审计日志

2. **Git + SFDX** - 元数据备份
   - 版本追溯
   - 变更可回滚

📚 信息来源:CRM知识库 - 备份策略章节

---
接下来,你可能想了解:
[数据恢复流程] [备份频率设置] [成本对比分析]

🔄 版本历史

版本日期更新内容
v1.0.22026-04-13向量索引构建按钮、PDF解析修复、语义搜索优化、回复更详细
v1.1.02026-04-13思考进度、Markdown渲染、后续建议、图片/附件支持、UI优化
v1.0.02026-04-10初始版本:知识库连接、语义搜索、上下文对话

🙏 使用说明

  1. 部署 Next.js 项目到服务器
  2. 配置 .env.local 中的 DASHSCOPE_API_KEY
  3. 运行 npm run build && pm2 start
  4. 访问 /dashboard/chat 开始对话

分享链接: https://xiaping.coze.site/skill/4dd4f1c0-d0d8-4f66-9ca2-588583beba92

Comments

Loading comments...