Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Local Research Archive Query

v0.1.1

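Unified query over the local research archive. By default it searches both the AlphaPai archive and knowledge_bases, supports exact, vector and hybrid retrieval, and by default excludes private archives such as personal.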

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (unified local archive query) aligns with the code: unified_query.py builds and runs per-source query commands for alphapai and knowledge_bases and merges results. Requiring local archive scripts (alphapai-scraper, knowledge_bases) is coherent with the stated purpose.
! Instruction Scope
SKILL.md and unified_query.py instruct running local Python scripts and will import/execute code from other workspace locations (e.g., skills/alphapai-scraper/scripts/query_comments.py, knowledge_bases/kb_engine.py and analyze.run_ai_analysis). Those external scripts can read any local files, environment variables, or network endpoints; the skill text does not list or limit what those scripts may access. SKILL.md also includes a hard-coded example path (/Users/bot/.openclaw/...), which may be inaccurate and indicates assumptions about the runtime environment.
Install Mechanism
No install spec (instruction-only with bundled scripts) — nothing is downloaded from the network during install. The code does execute local scripts via subprocess.run, which is expected for a query aggregator but increases runtime risk because it delegates work to other local code.
! Credentials
The skill declares no required env vars, yet it imports analyze.run_ai_analysis and common.load_settings from the alphapai scripts and invokes other engine scripts; those modules commonly require API keys or configuration. Because required credentials are not declared, the skill may rely on (or leak to) existing environment secrets without warning. The skill can also read/write under ~/.openclaw/data, which is logical but gives it write access to user data.
Persistence & Privilege
always is false and there is no install script that modifies other skills or global agent settings. The skill will run locally and can be invoked; autonomous invocation is allowed by platform default but is not combined with an elevated 'always' flag here.
What to consider before installing
This skill appears to do what it says (query local AlphaPai and knowledge_bases archives) but it executes and imports other local scripts that are not part of the published files. Before installing or enabling:

  1. Inspect the referenced scripts (skills/alphapai-scraper/scripts/* and knowledge_bases/kb_engine.py and analyze.py) for network calls, credential use, or data exfiltration.
  2. Confirm whether those modules read API keys or config files (e.g., OpenAI keys); the skill does not declare required env vars.
  3. Test the skill in a sandbox account or environment first, and ensure private scopes are correctly excluded by default.
  4. Correct the hard-coded example path in SKILL.md if needed.

If you cannot review the referenced code or do not trust the other workspace components, treat this skill as potentially risky.

License: MIT-0

Research Archive Query

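This skill provides a unified query over the research materials you have already archived locally.

Covered by default:

  1. The alphapai archived commentary library
  2. The knowledge_bases archived materials library

Default behavior:

  • This is a query skill and does no scraping; a local archive produced by alphapai-scraper / knowledge-base must already exist
  • Queries the most recent 7 days by default
  • Uses hybrid mode by default, running exact retrieval and vector recall together
  • Does not query private scopes, such as personal, by default
  • Outputs a retrieval summary suited to reading on a phone

When to use

  • The user says "Look up the past week's NVIDIA updates in the local research archive"
  • The user wants the hits from alphapai + knowledge_bases merged into one summary
  • The user wants to explicitly exclude private archives such as personal
  • The user wants a unified search by recent days, by industry, or by a specific security

How to run

Default unified query: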

python3 /Users/bot/.openclaw/workspace/skills/research-archive-query/scripts/unified_query.py --query 英伟达 --days 7 --mode hybrid

If the user explicitly asks for exact retrieval only:

python3 /Users/bot/.openclaw/workspace/skills/research-archive-query/scripts/unified_query.py --query 英伟达 --days 7 --mode exact

If the user explicitly asks for semantic fuzzy retrieval only:

python3 /Users/bot/.openclaw/workspace/skills/research-archive-query/scripts/unified_query.py --query 英伟达 --days 7 --mode vector

If the user explicitly says to query only one source, add:

--sources alphapai

Or:

--sources knowledge_bases

Append the following only if the user explicitly asks to include private archives as well:

--include-private

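Output

  • Summary: ~/.openclaw/data/research-archive-query/reports/YYYYMMDD_HHMMSS_unified_query.md
  • Metadata: ~/.openclaw/data/research-archive-query/runtime/YYYYMMDD_HHMMSS_unified_query.json

Usage rules

  • If the user does not specify a number of days, default to 7
  • If the user says "the past week", use --days 7
  • If the user says "the past month", use --days 30
  • If the user does not specify a mode, default to --mode hybrid
  • Do not add --include-private unless the user has explicitly authorized it

Current integration scope

Currently integrated:

  • alphapai
  • knowledge_bases

If more archive repositories are added later and follow the same archiving approach, only one adapter needs to be added in scripts/registry.py.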
