Conversation Miner
v1.0.0对话价值提取助手 - 从 AI 对话中自动总结、提取待办/想法/决策,支持持续进化
⭐ 0· 95·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name and description match the code and instructions: the skill extracts summaries, todos, ideas, code snippets and can save/search them. Declared SKILL.md permissions (sessions_history, memory_write) fit the stated purpose. Minor mismatch: SKILL.md instructs the agent to call a sessions_history tool and save into a 'memory' path, but the included Node CLI code reads/writes local JSON files under a DATA_DIR (default ~/.conversation-miner/data). This looks like two complementary runtime modes (agent-mode vs CLI-mode) rather than deliberate misdirection, but it's an inconsistency worth noting.
Instruction Scope
Runtime instructions specify reading recent session history (up to 200 messages), doing layered extraction and optionally saving feedback to memory. The included implementation reads and writes local session data files and exports markdown; it does not contact external endpoints. The skill thus stays within the stated scope (reading conversation history, analyzing it, and persisting summaries). Note: SKILL.md and HELP refer to saving under 'memory/{date}.md' while storage.js writes to DATA_DIR; the agent could write conversation content to disk — a privacy consideration.
Install Mechanism
There is no install spec (instruction-only metadata) but the skill bundle contains Node.js source and a CLI. No remote downloads, no obscure installers, and no package registries are pulled during install. Risk from install mechanism is low in this bundle.
Credentials
The skill requests no cloud credentials or sensitive environment variables. It does use MINER_DATA_DIR (optional) and MINER_USER for CLI behavior and reads process.env.HOME to determine a default data path — these are reasonable for a tool that stores local data. The SKILL.md permission memory_write implies the agent may write conversation content to local storage; that is proportionate but privacy-relevant.
Persistence & Privilege
The skill is not always:true and does not request elevated platform privileges. It will persist conversation data locally (JSON files under DATA_DIR) and offers export-to-file functionality. That persistence is consistent with the stated 'save to memory' feature, but users should be aware the skill will write/read local conversation files.
Assessment
This skill appears to do what it claims: reading recent conversation history, extracting todos/ideas/decisions, and storing/searching results locally. Before installing, consider: 1) Privacy: the skill will read session history (sessions_history permission) and persist conversation content to disk (default ~/.conversation-miner/data or folder set by MINER_DATA_DIR). If you do not want local persistence, do not enable save operations. 2) Paths and env: you can set MINER_DATA_DIR to control where files are stored and MINER_USER to control per-user file names. 3) Implementation quirks: the codebase has minor inconsistencies (e.g., SKILL.md refers to 'memory/{date}.md' while storage.js uses DATA_DIR; extractor returns code blocks with a 'code' field while exporter/search expect 'content'), which could cause some exports/searches to miss or mis-format items — consider testing in a safe environment first. 4) No network exfiltration observed, and no external credentials are requested — do not provide unrelated secrets. If you need higher assurance, run the CLI in a sandbox, inspect saved JSON files, or request the author to resolve the noted data-shape/path inconsistencies.Like a lobster shell, security has layers — review code before you run it.
latestvk97d4s1pwzsen8hsdw99e04n4d83mk3z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.