Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sumo Notebook RAG

v1.0.0

Searches the SumoNoteBook knowledge base and returns text previews of the top three entries relevant to the query as reference context.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for sumo0221/sumo-notebook-rag.

Install the skill "Sumo Notebook RAG" (sumo0221/sumo-notebook-rag) from ClawHub.
Skill page: https://clawhub.ai/sumo0221/sumo-notebook-rag
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sumo-notebook-rag

ClawHub CLI

npx clawhub@latest install sumo-notebook-rag

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability
Stated purpose (search SumoNoteBook .md files and return top-3 results) matches the steps in SKILL.md. However, the skill implicitly requires local components (Ollama embedding endpoint, LanceDB vector DB, Node scripts, and a specific Windows directory) that are not declared in the registry metadata. The declared 'no required binaries/envs' is therefore incomplete.
[!] Instruction Scope
Runtime instructions explicitly direct the agent to read local file-based knowledge (SumoNoteBook .md files), call a local Ollama endpoint (http://localhost:11434), and use LanceDB located under the agent's memory path (and a Windows path is referenced). These file and service accesses are within the described search purpose but are sensitive (reading many local files) and the instructions assume availability of specific scripts and paths on the host system.
Install Mechanism
No install spec and no code files are included, which limits disk writes by the skill itself. That lowers risk compared with an installer that downloads and executes arbitrary code. However, the skill assumes external components are already installed (Ollama, Node, LanceDB) but does not declare them.
[!] Credentials
The skill declares no required environment variables or credentials, which aligns with a local-only knowledge retrieval tool. But it expects access to local directories and services (localhost Ollama, C:\butler_sumo, ~/.openclaw/lancedb-pro). Access to these paths and services can expose sensitive local data; the lack of explicit dependency declarations is misleading and hinders a correct risk assessment.
Persistence & Privilege
always:false (not force-included) and no indications the skill modifies other skills or global agent config. Autonomous invocation is allowed (platform default), which is expected for skills of this type but increases blast radius if the skill is granted broad local file access.
What to consider before installing
This skill appears to be a local knowledge-base searcher, but the SKILL.md assumes you already have: a running Ollama daemon (http://localhost:11434), LanceDB with a sumo_notebook table, Node.js, and the two Windows scripts under C:\butler_sumo\... — none of which are declared in the metadata. Before installing or enabling:

1) Verify those paths and scripts exist on the host and inspect the script contents (ingest_notebook.mjs, query_notebook.mjs) so you know what they read/transmit.
2) Confirm you are comfortable the agent will read the specified local markdown files (these may contain sensitive data).
3) Ensure Ollama and LanceDB are trusted and correctly configured (they run locally but may expose data if misconfigured).
4) If you expect this to run on a non-Windows host or in a sandbox, update the skill metadata to list required binaries (node, Ollama), paths, and any network endpoints; ask the publisher to correct the missing dependency declarations.

If the author can provide an install spec or explicit list of required components and an explanation of why those specific local paths are needed, that would reduce the ambiguity and could change this assessment.


latest vk970j9g3jzdqzk2ne85typvq5s84bvar
74 downloads
0 stars
1 versions
Updated 3w ago
v1.0.0
MIT-0

notebook-rag skill

version: 1.0.0

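Queries the SumoNoteBook knowledge base and returns the relevant content as context.

Trigger conditions

Use when the Sumo (蘇茉) family knowledge base needs to be queried, for example:

  • The master (老爺) asks a question about the Sumo family architecture
  • Content from SumoNoteBook needs to be cited
  • Sumo's learning records need to be retrieved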

Usage

Query syntax

/notebook-rag <query text>

Parameters

  • <query text>: the question or topic to search for

Examples

/notebook-rag 蘇茉家族多代理架構
/notebook-rag 工程師蘇茉的職責
/notebook-rag workspace 是什麼

Workflow

  1. Receive the query text
  2. Embed the query (via Ollama nomic-embed-text)
  3. Run a cosine similarity search in the LanceDB sumo_notebook table
  4. Return the top-3 most relevant results

Output format

🔍 查詢: "<user query>"

📚 相關內容:

[1] <file name> (相關度: 0.XXX)
---
<content preview (first 300 characters)>
---

[2] <file name> (相關度: 0.XXX)
---
<content preview>
---

Technical specifications

  • Embedding model: nomic-embed-text (768-dim)
  • Vector database: LanceDB (~/.openclaw/memory/lancedb-pro)
  • Table name: sumo_notebook
  • Indexed content: all .md files under SumoNoteBook (117 files, 260 chunks)
  • Search method: Cosine distance
  • Top-K: 3 results by default

Script locations

  • Query script: C:\butler_sumo\library\SumoNoteBook\scripts\query_notebook.mjs
  • Ingestion script: C:\butler_sumo\library\SumoNoteBook\scripts\ingest_notebook.mjs

Maintenance

Update the index

cd C:\butler_sumo\library\SumoNoteBook\scripts
node ingest_notebook.mjs --rebuild  # full rebuild
node ingest_notebook.mjs             # incremental update

Check status

# Confirm Ollama is running
curl http://localhost:11434

# Confirm the LanceDB table
node -e "import('@lancedb/lancedb').then(async m => { const db = await m.connect('C:\\\\Users\\\\rayray\\\\.openclaw\\\\memory\\\\lancedb-pro'); console.log(await db.tableNames()); })"

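Limitations

  • Can only search .md files in SumoNoteBook
  • Does not include binary files or non-text content
  • Result previews are limited to 300 characters (open the file manually for the full content)
  • Query latency is about 2-5 seconds (depending on network and Ollama load)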
