semantic-search

by Sevenal · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
Downloads: 447
Stars: 1
Active Installs: 2
Versions: 1
Install in OpenClaw
/install semantic-search
Description
Enterprise-grade semantic search skill supporting table/field/file search and Text-to-SQL data generation
Usage Guidance
This package appears to implement the advertised semantic-search functionality, but review carefully before installing:
- Expect to provide FlightSQL credentials; the skill will connect to your DB and run queries (Text-to-SQL may execute SELECTs). Provide a least-privilege DB account and limit network access.
- The code attempts to import project-level configs (utils.config) by adding parent paths to sys.path. That means the skill can pick up and use configuration files or credentials present in the surrounding environment — run it in an isolated container / sandbox to avoid accidental use of host secrets.
- The docs reference many optional external services (LLM endpoints, embedding/rerank services, internal IPs). If you supply LLM/embedding API keys or allow network egress, the skill will make outbound requests; audit those endpoints and restrict egress where appropriate.
- Dependencies are extensive and pull third-party libraries. Pin and audit dependency versions, and install in an isolated virtualenv or container.
- There are small inconsistencies (missing test module referenced in docs). Consider doing a quick code review of the text2sql and retriever modules and a dry-run in a non-production environment to confirm which external endpoints are actually called.
If you need this skill in production: run it with network egress controls, a restricted DB user, and with LLM/embedding credentials limited to test models/services until reviewed.
Capability Analysis
Type: OpenClaw Skill
Name: semantic-search
Version: 1.0.0
The skill is classified as suspicious primarily due to a potential SQL injection vulnerability in `src/text2sql.py`. Although the `_is_valid_select_statement` function attempts to restrict SQL queries to `SELECT` statements and forbid DML/DDL commands, regex-based validation can be bypassed by sophisticated attackers, leading to unauthorized database operations. Additionally, the `PROJECT_CONFIG.md` file discloses internal network IP addresses for various services (e.g., FlightSQL, LLM, Embedding, Rerank, Nacos), which constitutes sensitive information leakage that could aid an attacker in internal reconnaissance. The skill also requires access to environment variables for sensitive credentials (database, LLM API keys) and performs external network calls, which, while necessary for its functionality, broaden the attack surface.
Capability Assessment
Purpose & Capability
The skill name/description (enterprise semantic search, Text-to-SQL) aligns with the artifacts: it requires FlightSQL connection info and includes vector DB, retriever, and text2sql code. Minor mismatch: SKILL metadata declares only FLIGHT_DB_* as required env vars while documentation and code reference LLM/embedding/rerank configuration (LLM_API_KEY, EMBEDDING_API_KEY, base_url, etc.). This is plausible (DB credentials are mandatory; LLM/embedding may be optional or use local services), but the omission reduces clarity.
Instruction Scope
The runtime code and SKILL.md instruct the agent to read env vars and config files (config.yaml/.env) which is expected. However, main.py and other modules dynamically add parent project paths to sys.path and attempt to import utils.config.CONFIG from a project-level location — this can cause the skill to load configuration from outside the skill bundle (project configs, Nacos configs, or other local files), potentially exposing or using host-level secrets and endpoints. SKILL.md also references a test module (python -m src.test_search) that is not present in the bundle, indicating documentation/code drift.
Install Mechanism
There is no install spec (instruction-only for OpenClaw) and dependencies are listed in requirements.txt. That is lower installer risk than arbitrary downloads, but the dependency list includes non-trivial packages (dashscope, FlagEmbedding, bge-reranker, lancedb, adbc-driver-flightsql) which will pull code from PyPI and may require native builds or network access. No packaged install from unknown URLs was observed.
Credentials
Declared required env vars (FLIGHT_DB_HOST, FLIGHT_DB_PORT, FLIGHT_DB_USER, FLIGHT_DB_PASSWORD) are appropriate for a skill that queries a FlightSQL-backed vector DB. The repository and docs, however, reference additional credentials and internal endpoints (LLM API keys, embedding API keys, several internal IPs/URLs in PROJECT_CONFIG.md). Those additional credentials are not flagged as required in the top-level metadata, which is a documentation inconsistency — in practice Text-to-SQL and query enhancement will need LLM/embedding credentials or reachable local models.
Persistence & Privilege
The skill does not request always: true and has no special platform privileges. It does not appear to modify other skills or system-wide agent settings. Normal autonomous invocation is allowed (platform default).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install semantic-search
  3. After installation, invoke the skill by name or use /semantic-search
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the semantic-search skill.
- Supports enterprise-level semantic search for tables, fields, files, and Text-to-SQL data generation.
- Integrates with LanceDB (FlightSQL) for vector/BM25 hybrid search.
- Provides rerank functionality, LLM-based intent recognition, and SQL generation.
- Includes workflow orchestration via LangGraph.
- Offers Python and OpenClaw invocation examples, performance indicators, and troubleshooting guidance.
Metadata
Slug semantic-search
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is semantic-search?

Enterprise-grade semantic search skill supporting table/field/file search and Text-to-SQL data generation. It is an AI Agent Skill for Claude Code / OpenClaw, with 447 downloads so far.

How do I install semantic-search?

Run "/install semantic-search" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is semantic-search free?

Yes, semantic-search is completely free (open-source). You can download, install and use it at no cost.

Which platforms does semantic-search support?

semantic-search is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created semantic-search?

It is built and maintained by Sevenal (@sevenal); the current version is v1.0.0.
