ClawHub

File Indexer Publish

v1.0.0

智能文件索引与检索系统 - 自动监控文件变化,快速查找代码文件、脚本和技能。支持关键词搜索、意图推荐、文件统计。

0· 109·0 current·0 all-time
by@zgbin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (file indexing/search) match the code and runtime behavior: indexer, searcher, watcher, and hook handler all implement indexing, scanning, monitoring and intent-based search. Requested resources (no env vars or external services) are appropriate for this purpose.
Instruction Scope
SKILL.md and README describe scanning and real-time monitoring of specified local directories; the code reads file contents (up to 500 bytes) to produce summaries and stores metadata and summaries in a local SQLite DB. This is consistent with the stated purpose but means the skill will read many files in the configured watch dirs (including possible secrets or credentials).
Install Mechanism
No external install spec or remote downloads are present. The package includes Python modules only. There is no network fetching or archive extraction in the provided files.
Credentials
The skill requests no environment variables or external credentials (proportional). However, it will access and index files under hard-coded WATCH_DIRS (/home/t/.claude/... and /home/t/cc_workspace/) and store file summaries and metadata in a local SQLite DB. That file access is expected for a search tool but can expose sensitive contents if those directories contain secrets or credentials.
Persistence & Privilege
always is false. However _meta.json shows auto_load: true and skill.json lists many agentIds, so the skill may be enabled/loaded by default for multiple agents—this increases its exposure surface even though it doesn't request elevated system privileges or modify other skills. It does create and maintain a local DB (persistence within its workspace).
Assessment
This skill appears to do what it says (index and search local code files) and does not call external endpoints or require secrets. Before installing: 1) Review and if needed change WATCH_DIRS and settings so it does not monitor folders with secrets (keys, credentials, private config). 2) Move the SQLite DB to a directory with restricted permissions or enable filesystem encryption if available. 3) Confirm you trust the skill source (metadata shows no homepage and 'owner' is unknown). 4) If you don't want automatic indexing, disable auto-load / remove the watch directories or run only manual scans. 5) Inspect hook integration (hook_handler) and OpenClaw agent hook permissions so it cannot be triggered unexpectedly. If you want extra assurance, run the code in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97djjnc0q6n6vc1g7szfm72bd83dj3z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments