Causal Graph Builder
v1.0.0自动从日志和记忆中提取实体、事件及其因果关系,构建动态知识图谱并支持查询与可视化。
⭐ 0· 471·2 current·2 all-time
byceelo@weidadong2359
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (auto-extract entities/events/causal relations from logs/memory) matches the included build.mjs which reads local memory files, extracts entities/events, infers relations, and writes memory/causal-graph.json. However SKILL.md describes additional inputs (.issues/open-*.md, memory/INDEX.md) and capabilities (LLM-based extraction, query.mjs, visualize.mjs, Dashboard integration) that are not implemented in the provided code. That mismatch is unexpected but could be an incomplete implementation rather than malicious.
Instruction Scope
SKILL.md instructs the agent to read multiple paths (memory/YYYY-MM-DD.md, MEMORY.md, .issues/open-*.md) and run commands referencing query.mjs and visualize.mjs. The actual build.mjs only attempts to read MEMORY.md and files under workspace/memory with date-named files, and there are no query.mjs or visualize.mjs files in the bundle. SKILL.md also mentions LLM extraction as an option, but the shipped code uses only local regex/heuristics and does not call any external LLMs or endpoints. This divergence gives the agent broad discretion in instructions without corresponding implementation and could confuse users.
Install Mechanism
There is no install spec (instruction-only style) and the included script is a small local Node module. No remote downloads, package installs, or third-party registries are used. The script writes memory/causal-graph.json in the workspace — expected for this task. Minor implementation risk: build.mjs calls fs.readdirSync on WORKSPACE/memory without guarding for the directory's existence, which can cause runtime failure.
Credentials
The only environment variable referenced is OPENCLAW_WORKSPACE to override the workspace directory; this is proportionate to the stated purpose. No credentials, tokens, or external service keys are requested or used.
Persistence & Privilege
The skill is not marked always:true and does not persist credentials or modify other skills. It does write an output file memory/causal-graph.json in the workspace (expected). SKILL.md mentions Dashboard integration and interactive visualization, but no code implements that; if future versions add remote/dashboard integration, that would raise new persistence/privilege considerations.
What to consider before installing
This skill appears to implement a local-only causal-graph builder and does not request secrets or network access, but the documentation and code disagree in several places. Before installing or running: (1) inspect the workspace/memory directory it will read and confirm you are comfortable with those files being scanned; (2) be aware it will write memory/causal-graph.json to your workspace; (3) note that query.mjs and visualize.mjs referenced in SKILL.md are missing and LLM integration is described but not implemented — if you need those features expect additional code that may require network access or credentials; (4) the script may crash if workspace/memory does not exist (minor bug). Because of the mismatches and incomplete implementation, proceed with caution or request a corrected/released version that matches its documentation.Like a lobster shell, security has layers — review code before you run it.
latestvk97bcms9tqkqr0mwc1z7wr11n1823sm9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.