Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Taizi Knowledge Base
v1.0.0个人知识库 - 融合向量检索、实体关系、笔记管理
⭐ 1· 77·0 current·0 all-time
bytangepier@tangepier-crypto
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill describes a personal knowledge base (vector search, entities, notes) but declares no required binaries or files while the instructions explicitly call a Python script (vector_kb.py) at a hard-coded path. That script is not included and no Python requirement is declared, so the claimed capability cannot be realized as described.
Instruction Scope
Runtime instructions tell the agent to read and write files under user home paths (~/.openclaw and C:\Users\Administrator\...), add files to an Obsidian directory, and extract entities. Those actions involve accessing local filesystem data and modifying user notes; the instructions give broad filesystem targets and hard-coded, platform-specific paths (Windows Administrator) rather than a configurable vault path.
Install Mechanism
There is no install spec (instruction-only), which limits installer risk. However, the runtime depends on a local script that is not provided; the absence of an install step or included code means the skill will either fail at runtime or rely on pre-existing, opaque local scripts.
Credentials
The skill requests no credentials or environment variables (reasonable), but it also fails to declare the need for Python or any NLP/embedding service keys that entity extraction or vector indexing might require. The lack of declared dependencies is inconsistent with the described functionality.
Persistence & Privilege
always:false and no special OS restrictions are set. The skill does instruct filesystem writes at runtime, but it does not request permanent elevated platform privileges in its metadata.
What to consider before installing
This skill's instructions expect a local Python script (C:\Users\Administrator\.openclaw\scripts\vector_kb.py) and write/read locations under ~/.openclaw and an Obsidian vault, but the package contains no code and declares no dependencies. Before installing or using it: (1) ask the publisher for the actual script/source and an install plan; (2) do not run commands that write into your home or notes until you inspect the script contents; (3) confirm which OS/path the skill targets (it mixes Windows and Unix paths) and request configurable vault paths; (4) ensure Python and any required NLP/embedding services are explicitly declared; (5) if you must test, run in a sandboxed account or VM and review the script for data-exfiltration or unexpected behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk97f7a2v4d0n42vkd9616cv1hs83n1xk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.