License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (stable output continuation with long-text context) match the provided code and SKILL.md: anchor extraction, chunking, sliding windows, embedding caching, history management and consistency checking. Required Python packages (sentence-transformers, faiss, langchain, pydantic, numpy via deps in files) are reasonable for embedding/vector workflows.
Instruction Scope
SKILL.md instructions focus on initializing text, extracting anchors, generating enhanced prompts, consistency checks and history management. The runtime instructions do not ask the agent to read unrelated system files or environment secrets. It does note that sentence-transformers models will be downloaded on first run (expected).
Install Mechanism
No custom install script; dependencies are via pip (requirements.txt). This is an expected mechanism for a Python library. Be aware some deps (faiss-cpu, sentence-transformers, langchain-community) are heavy and may require native build tools or platform-specific wheels; model downloads occur at runtime.
Credentials
The skill requests no environment variables, no credentials, and no special config paths in its metadata. Code writes/reads session, cache and export files only when explicitly asked (save/load/export functions). There are no unexpected credential accesses.
Persistence & Privilege
The implementation persists caches and history to disk. EmbeddingCache.save_to_disk/_load_from_disk uses pickle to store/load cache data; untrusted pickle files can lead to arbitrary code execution if later loaded. History and export functions write JSON/txt. While persistence is reasonable for a stateful text tool, the use of pickle for disk loading is a security risk and should be used only in controlled directories and with trusted files.
Assessment
This skill appears to do what it claims (extract anchors, manage sliding windows, produce enhanced prompts, and check consistency). Before installing or running it:
1) Run it in an isolated environment (virtualenv/container) because dependencies like faiss-cpu and sentence-transformers can be heavy and install native code.
2) Be prepared for automatic model downloads (sentence-transformers) on first run — ensure you are happy with network access.
3) Do not load pickle files from untrusted sources: the embedding cache uses pickle for persistence, which can execute code when loading; if you enable persistence (persist_dir) or auto-save, point it to a directory you control and avoid sharing those files.
4) Consider setting history.auto_save to false until you review where files are written, and inspect the remaining (truncated) module files (especially __init__.py and vector_store.py) for any network calls or unexpected behavior before enabling automatic features.
5) If you need stricter safety, modify the code to use safe serialization (JSON) for cache persistence or disable loading of persisted caches.
Like a lobster shell, security has layers — review code before you run it.
latest vk976g95227d2k6jcygqh5dq3xn83gmrg
