llm-wiki-simple
v1.0.1自动扫描原始资料,分类整理并格式化生成结构化个人知识库,支持分类、更新和索引管理。
⭐ 0· 48·0 current·0 all-time
bywilliam-w@wwl52
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the instructions: scanning a local 00_Raw/ tree, extracting text, re-writing structured pages into 01_Wiki/, indexing and reporting. There are no unrelated environment variables or odd external services requested. Minor note: the SKILL.md refers to helper tools named `read` and `look_at` for PDF/figure extraction but the registry metadata does not declare these as required binaries or installs; this is plausible as platform-provided tools but should be confirmed.
Instruction Scope
Instructions stay within the stated purpose: traverse and read .md/.txt/.pdf in 00_Raw/, produce distilled .md pages in 01_Wiki/, update an index, and write logs to 02_System/build.log. The skill explicitly forbids modifying 00_Raw/ and forbids inserting API keys/sensitive data into outputs, but that is a guideline only — there is nothing in the SKILL.md that prevents the agent from sending file contents to the configured LLM. The runtime will therefore transmit raw or summarized contents to whatever LLM the agent uses, which is expected behavior but has privacy implications.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written by an installer per registry metadata.
Credentials
No environment variables, credentials, or config paths are required by the skill itself (proportionate). However, the workflow implicitly requires an LLM endpoint (the instructions repeatedly reference 'LLM' processing) — the skill does not declare where or how model credentials are provided. This means sensitive local files will be forwarded to whatever LLM the agent is configured to use; users should confirm that model usage and any API keys are acceptable for that data.
Persistence & Privilege
always is false and the skill does not request persistent system-wide configuration or modification of other skills. It writes only to a local wiki directory under the project root per its instructions, which is within its stated scope.
Assessment
This skill is coherent with its purpose but you should take these precautions before installing: (1) Confirm the agent environment provides the `read`/`look_at` PDF/figure extraction capabilities referenced, or the workflow may fail. (2) Recognize that the skill sends file contents to an LLM for processing — do NOT run it on folders containing secrets, credentials, or highly sensitive data unless you trust the configured model/provider and its data retention policy. (3) Back up your existing 01_Wiki/ before first run (the skill will overwrite same‑name pages). (4) Run initially in a sandbox/project copy to verify behavior and outputs. (5) If you need guarantees about data residency or no-exfiltration, require an on-premise/private LLM or explicit code changes to avoid network/model calls. If you want more confidence, ask the author to clarify whether `read`/`look_at` are platform tools, and to document how LLM invocations are performed and where model API keys are stored/used.Like a lobster shell, security has layers — review code before you run it.
latestvk97dg1t229rg552b0hs12s2t5d84cwx5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.