Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mult Call

v1.0.0

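Multi-path recall skill: analyzes the metric and dimension information produced by the intent-recognition skill, recalls QA pairs from a vector knowledge base, and recalls table definition structures from a graph database.

0 stars · 185 downloads · 1 current · 1 all-time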

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lovenervermore/mult-call.

Install the skill "Mult Call" (lovenervermore/mult-call) from ClawHub.
Skill page: https://clawhub.ai/lovenervermore/mult-call
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mult-call

ClawHub CLI


npx clawhub@latest install mult-call

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The skill's description says it will call Neo4j (table DDL) and Milvus (QA recall). SKILL.md documents required .env keys (NEO4J_*, MILVUS_*, EMBEDDING_*), but the registry metadata claims no required env vars or credentials. This is an internal mismatch: the skill can use external DB credentials though none are declared.
! Instruction Scope
SKILL.md describes reading an intent_output.json and writing a multicall output; the included node wrapper (index.js) does not read those files but launches the Python code via stdin. More importantly, index.js reads a parent .env file (../.env) and injects its content into process.env, then spawns Python while passing the entire environment. That behavior expands scope beyond the simple recall task because any secrets present in that .env (or the process env) become available to the skill's subprocess.
Install Mechanism
No install spec or external downloads; the skill is instruction/code-only and relies on a local Python runtime. There are no suspicious remote install URLs or archive extraction steps in the provided metadata.
! Credentials
Although the registry lists no required credentials, SKILL.md documents many expected env keys for Neo4j and Milvus. index.js actively loads ../.env and propagates the full process.env to the Python subprocess. This creates a risk of exposing unrelated secrets present in the environment, and the skill requests environment access that is not declared in the registry metadata.
Persistence & Privilege
The skill is not requested to be always-enabled and does not modify other skills or system-wide configuration. It runs as an on-demand skill with no elevated persistence privileges.
What to consider before installing
This skill appears to implement the advertised recall functionality, but there are some mismatches and environment handling risks you should address before installing:

- The skill's SKILL.md expects Neo4j/Milvus credentials (NEO4J_*, MILVUS_*, EMBEDDING_*, etc.) even though the registry lists no required env vars. Treat any .env values as sensitive — the skill may use them to connect to your services.
- index.js reads a parent ../.env file and injects those variables into process.env, then forwards the entire environment to the Python subprocess. If your repo .env (or any existing env vars) contains unrelated secrets (cloud keys, tokens), those will be accessible to this skill. Consider removing or sanitizing such secrets before running.
- If you plan to enable realtime Neo4j/Milvus integration, provide only least-privileged credentials and test in a sandbox. If you do not want the skill to access external services, run it in an environment without those .env keys or with dummy credentials — the Python class is written to degrade to a default DDL and empty QA list when services are not injected.
- If you need stronger assurance, open the full multi_call.py file (the part that may create service clients from environment) and confirm it does not transmit data to unexpected endpoints. Alternatively, run the skill locally in an isolated container to observe its outgoing connections.

Given the mismatch between declared requirements and the code's env handling, proceed cautiously and avoid exposing production secrets to this skill until you confirm which environment variables it will actually use.
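One way to narrow what the Python subprocess can see is to build its environment from an allowlist instead of forwarding all of process.env. The sketch below is an added example, not the skill's own index.js; the function names, the runtime key list and the sample .env content are assumptions made for illustration.

```javascript
// Added example, not the skill's code: allowlist what the Python child may see.
// Prefixes are the .env keys SKILL.md documents; all other keys are dropped.
const ALLOWED_PREFIXES = ["NEO4J_", "MILVUS_", "EMBEDDING_"];
// Assumption: the minimum the interpreter needs from the parent environment.
const RUNTIME_KEYS = ["PATH", "HOME", "LANG", "SYSTEMROOT"];

// Parse KEY=VALUE lines; skip blanks and comments, accept "export", strip quotes.
function parseDotEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue;
    let value = m[2].trim();
    const quoted = /^(["'])(.*)\1$/.exec(value);
    if (quoted) value = quoted[2];
    vars[m[1]] = value;
  }
  return vars;
}

// Build the child's environment: runtime keys from the parent, allowlisted
// keys from .env, and a list of the .env keys that were withheld.
function buildChildEnv(dotenvVars, parentEnv) {
  const env = {};
  const dropped = [];
  for (const key of RUNTIME_KEYS) {
    if (parentEnv[key] !== undefined) env[key] = parentEnv[key];
  }
  for (const [key, value] of Object.entries(dotenvVars)) {
    if (ALLOWED_PREFIXES.some((p) => key.startsWith(p))) env[key] = value;
    else dropped.push(key);
  }
  return { env, dropped };
}

// Constructed sample .env content (all values are placeholders).
const SAMPLE_DOTENV = [
  "# constructed sample",
  "NEO4J_URI=bolt://localhost:7687",
  "NEO4J_USER=neo4j",
  'NEO4J_PASSWORD="example-password"',
  "MILVUS_QA_COLLECTION=dev_vanna_sql",
  "AWS_SECRET_ACCESS_KEY=constructed-unrelated-secret",
  "export GITHUB_TOKEN=constructed-unrelated-token",
].join("\n");

console.log(buildChildEnv(parseDotEnv(SAMPLE_DOTENV), process.env).dropped);
```

The returned `env` object is what would be passed as the `env` option of `child_process.spawn`, so the child never inherits the parent's other variables.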
index.js:109: Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🐬 Clawdis
latest: vk97e6jx9pr2cf2bjj9gzqtbvr1833kpf
185 downloads
0 stars
1 version
Updated 6h ago
v1.0.0
MIT-0

Skill: multi_call

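  • Description: Multi-path recall skill. After analyzing the intent-recognition result, it recalls QA pairs from a vector knowledge base and recalls table DDL structures from a graph database.

  • Inputs: [intent_output] (read from skills/.workflow/intent_output.json)

  • Outputs: [table_scheme, Q_A_pairs] (written to skills/.workflow/multicall_output.json)

  • ID: multi_call

  • Role: Knowledge recall engine

  • Function: Based on entity tags, retrieves table structures (schema), metric calculation definitions, enum values, and business knowledge from the metadata center.

  • Input parameters:

    • final_query (string): from intent_output.json
    • indicator_metric (list): metric and dimension information
  • Output:

    • table_scheme (string): CREATE TABLE DDL string (from Neo4j).
    • Q_A_pairs (list): similar questions with SQL examples (from Milvus).
    • Recall weights: table structure (0.5) + metric definitions (0.3) + knowledge base (0.2).

Injected services (configured through .env)

| Service class | Purpose | Key .env settings |
| --- | --- | --- |
| _RealNeo4jService | Query table structure DDL | NEO4J_URI / NEO4J_USER / NEO4J_PASSWORD |
| _RealMilvusQAService | Recall similar QA pairs | MILVUS_*, EMBEDDING_*, MILVUS_QA_COLLECTION (default dev_vanna_sql) |

Each service can fail and degrade independently: when Neo4j fails, an empty DDL is returned; when Milvus fails, an empty list of QA pairs is returned.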

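Running standalone

# Prerequisite: run the two preceding steps first
python ../rewrite-question/rewrite_question.py --query "今天汉河店的成交额"
python ../recognize-intent/recognize_intent.py

# Run multi-path recall (reads .workflow/intent_output.json automatically)
python multi_call.py

# Run with cleanup (clears the output of this step and of later steps)
python multi_call.py --clean

Next step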

python ../sql-generator/sql_generator.py
