围棋棋谱数据库
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a local Go/weiqi game-record database tool; it can modify its own local database and needs a Python package install, but the artifacts do not show credential use, network access, exfiltration, or deceptive behavior.
This skill looks appropriate if you want a local SGF database. Before installing, be comfortable installing TinyDB with pip, and review any agent-proposed add, overwrite, update, tag, export, or delete command before allowing it to run.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependency may fetch code from the Python package ecosystem before using the local tool.
The skill relies on a third-party Python package installed from pip, and the instruction does not pin a version. This is common for local Python tools but is a supply-chain item users should notice.
pip3 install tinydb
Install from a trusted Python environment, consider pinning TinyDB to a known-good version, and avoid running the setup in a sensitive system environment if you do not trust the source.
If invoked carelessly, the agent could overwrite or delete records in the local weiqi database.
The documented CLI includes local mutation operations such as bulk import with overwrite behavior and deleting database records. These are aligned with database management but should remain user-directed.
python3 db.py add --dir ./downloads/ --conflict overwrite ... python3 db.py delete --id "xxx"
Ask for confirmation before add/update/delete/overwrite operations, and keep a backup of `~/.weiqi-db/database.json` if the records matter.
Imported SGF files, comments, metadata, and tags may remain in the local database until deleted.
The skill intentionally stores full SGF contents and metadata persistently in a local JSON database. This is expected for the stated purpose, but it means imported game data can be retained and reused in later queries.
所有数据(含SGF内容)存储在一个JSON文件中
Only import SGF files you want retained locally, and delete records or the database file when you no longer want that content stored.