kb-digest
v1.2.0知识提炼器:任意链接/PDF/文字,一条命令提炼成结构化知识卡片。支持生成摘要、Q&A、思维导图、播客脚本。当用户想消化文章、研究论文、整理信息、做知识管理时触发。
⭐ 0· 65·0 current·0 all-time
byvine.xio@vineindalvik
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description (extract structured knowledge from URLs/PDF/text) aligns with the code and SKILL.md. Minor metadata mismatches: registry metadata lists no required env/binaries while SKILL.md declares python3 and three OpenClaw-injected LLM env vars; SKILL.md version (1.1.0) differs from registry version (1.2.0). These look like packaging/metadata inconsistencies rather than malicious intent.
Instruction Scope
SKILL.md and handler.py instruct the agent to fetch web pages or PDFs, extract text, then call an LLM endpoint with that text. The runtime only reads a local .env (optional), command-line args, and the specified input files/URLs. There are no instructions to read unrelated system files or to transmit data to endpoints other than the configured LLM base URL and an optional Feishu webhook.
Install Mechanism
No install spec in registry; it's an instruction-only skill with requirements.txt and a recommendation to pip install. This is low-risk compared with arbitrary downloads. The pip packages requested (requests, pypdf, markdownify, python-dotenv) are appropriate for the described functionality.
Credentials
The skill requires an LLM API key/base URL/model (OPENCLAW_LLM_*) which are necessary for its behavior. The optional FEISHU_WEBHOOK_URL for pushing results is proportional. It does not request unrelated credentials or system config paths.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system-wide configs. It only reads/writes files it is explicitly given (e.g., saving outputs) and an optional local .env file in the skill directory.
Assessment
This skill is coherent with its stated purpose, but check a few practical points before running: (1) The skill sends extracted content to whatever LLM base URL and API key are configured — do not send sensitive or confidential documents unless you trust the model endpoint. (2) The SKILL.md expects OpenClaw to inject OPENCLAW_LLM_* variables; verify the platform will provide them or pass overrides via CLI. (3) The package suggests installing dependencies via pip; review requirements.txt and run in a virtual environment. (4) The registry metadata/version mismatch and the SKILL.md declarations are minor packaging issues — if you need high assurance, ask the publisher for an authoritative homepage or audit the repository. (5) If you plan to enable Feishu push, ensure the FEISHU_WEBHOOK_URL points to a trusted webhook (webhooks can receive whatever output the skill sends).Like a lobster shell, security has layers — review code before you run it.
latestvk979m6w6qqnrrcfx2kxgractqx84qf8x
License
MIT-0
Free to use, modify, and redistribute. No attribution required.