太湖云水务知识库
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: water-knowledge-assistant Version: 1.0.0 The bundle is a legitimate RAG-based (Retrieval-Augmented Generation) assistant designed for water equipment knowledge management. It includes well-structured scripts for audit logging (audit-logger.py), local file synchronization (ingest-from-e-drive.py), and external news updates via the Tavily API (tavily-daily-update.py). The requested file system permissions are restricted to specific local workspace directories (D:\code\openclaw_lakeskill\), and the network access is limited to the stated purpose of updating the knowledge base. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Questions typed into the assistant may be transmitted to an unexpected external AI provider.
The query embedding call uses an Aliyun DashScope endpoint, while the setup text describes an OpenAI API key. This means user queries may be sent to a provider that is not clearly disclosed to the user.
OpenAIEmbeddings(
model=EMBEDDING_MODEL,
base_url="https://dashscope.aliyuncs.com/compatible-mode/v1"
)Clearly disclose the embedding provider and data sent, use a provider-specific environment variable, or align the code with the documented provider.
Users may not realize before installation that external API keys are needed and that queries may use those services.
The registry metadata declares no credentials, but SKILL.md setup asks for OPENAI_API_KEY and TAVILY_API_KEY. The keys are purpose-aligned, but the credential contract is under-declared.
Required env vars: none Env var declarations: none Primary credential: none
Declare required or optional API keys in metadata and document exactly which service each key authorizes.
Chat content and contact details may remain in local JSONL audit logs.
The audit logger persists raw inputs and outputs, and the skill's inquiry workflow asks for company, contact person, and phone number. This is disclosed audit behavior, but it can store personal or business data locally.
"user_id": user_id, "input": input_data, "output": output_data, "risk_level": risk_level
Add log retention, access-control, and redaction guidance, especially for phone numbers and company/contact information.
Incorrect or manipulated web content could become part of future knowledge-base answers.
External Tavily search results can be summarized, stored in the local knowledge base, and indexed for future answers. This is purpose-aligned, but untrusted web content can influence later responses.
结果处理:AI总结后以Markdown存入知识库并建立向量索引
Review or source-check newly imported web results before indexing them, and keep citations visible in answers.
Installation may fail or may require obtaining unreviewed files from somewhere else.
The install instructions reference requirements.txt and helper scripts that are not included in the provided file manifest. This looks like packaging drift rather than malicious behavior, but it means the documented setup does not match the reviewed artifacts.
pip install -r requirements.txt python scripts/knowledge_base_import.py python scripts/vector_index_builder.py
Ship the referenced requirements and scripts, or update the documentation to match the included files before users run setup commands.
The assistant's data can keep updating on a schedule after initial setup.
The skill documents optional cron jobs for unattended import, Tavily updates, vector rebuilds, and log cleanup. This is disclosed, but it creates persistent background activity if the user configures it.
cron_job ... 0 3 * * * python /path/to/water-knowledge-assistant/scripts/tavily_update.py
Enable scheduled jobs only if needed, verify the exact scripts and paths, and make sure there is a clear way to disable them.