← Back to Skills Marketplace
Semantic Vector Store
by
whoisme007
· GitHub ↗
· v0.1.0
· MIT-0
227
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install semantic-vector-store
Description
提供文本向量化、持久化存储及基于余弦相似度的语义搜索,支持增量索引和多后端适配。
Usage Guidance
This skill appears to implement a local vector store (SQLite + optional FAISS) and mostly does what it claims, but exercise caution: 1) There is no verified source/homepage — only run it if you trust the publisher or after reviewing the code. 2) Dependencies (sentence-transformers, faiss, numpy) are not declared in the registry; install them in a controlled virtual environment. 3) The implementation uses pickle for persisted data and ID maps — do not point the skill at untrusted DB or index files (pickle deserialization can run arbitrary code). 4) SKILL.md advertises multi-backend support and environment variables, but the code primarily supports a local SQLite+FAISS path — verify the connectors you need are actually implemented. 5) If you decide to install, run it inside an isolated environment (container/VM) until you confirm behavior; consider reviewing the rest of the code (the truncated portion) to ensure there are no network callbacks or hidden endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: semantic-vector-store
Version: 0.1.0
The skill implements a semantic vector store using SQLite and FAISS, but it contains a significant security vulnerability in `scripts/semantic_vector_store.py` due to the use of the `pickle` module for serializing embeddings and ID mappings. Loading data via `pickle.loads()` and `pickle.load()` is inherently insecure and can lead to Remote Code Execution (RCE) if the local database or index files are tampered with. While the code logic appears to align with its stated purpose and no evidence of intentional malice or data exfiltration was found, the use of insecure serialization for persistent storage is a high-risk practice.
Capability Assessment
Purpose & Capability
Name/description describe a vector store and the included code implements a local SQLite+FAISS-backed vector store with embedding support — this is coherent. However, the SKILL.md claims multi-backend support (Pinecone, Weaviate) while the code focuses on local SQLite+FAISS; the registry metadata declares no required env vars while SKILL.md documents several configuration env vars (SEMANTIC_VECTOR_DB_PATH, EMBEDDING_MODEL, etc.). No homepage or source is provided (unknown origin).
Instruction Scope
Runtime instructions and examples are limited to expected operations (init, embed, add, search). The implementation writes a database file under the user's home (~/.config/cortexgraph/semantic_vectors.db) and reads/writes FAISS index files and .ids.pkl files. The code uses pickle to serialize/deserialize embeddings and ID mappings; untrusted or tampered DB/index files could lead to unsafe pickle deserialization. SKILL.md does not warn about this or about trusting DB files.
Install Mechanism
There is no install spec in the registry (instruction-only), but the shipped Python file depends on external packages (sentence-transformers, faiss, numpy) with no declared installation steps or dependency manifest. SKILL.md shows a 'clawhub install' command but there is no explicit dependency installation instructions or pinned sources, which may confuse users and lead to manual, ad-hoc installs.
Credentials
The registry lists no required env vars or credentials, yet SKILL.md documents several configurable env vars (DB path, EMBEDDING_MODEL, VECTOR_DIMENSION, SIMILARITY_THRESHOLD). No credentials are requested (no network API keys), which is proportional to a local vector store. The mismatch between registry requirements and documented env vars is an inconsistency to be aware of.
Persistence & Privilege
The skill persists data to disk in a user config directory and saves FAISS index files and pickle id-maps — this is expected for a vector store. The skill is not marked 'always: true' and does not claim to alter other skills' configs. The notable risk is the local persistence format (pickle), which can execute code when loading if files are maliciously modified.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install semantic-vector-store - After installation, invoke the skill by name or use
/semantic-vector-store - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
semantic-vector-store v0.1.0
- 首个 MVP 版本发布,为 OpenClaw 星型记忆架构提供语义向量存储与搜索能力
- 支持多后端(SQLite + FAISS, Pinecone, Weaviate),可插拔统一接口
- 实现文本嵌入、增量向量入库、基于余弦相似度的语义检索
- 提供适配器接口,便于与 Memory Sync Enhanced/Unified Memory 集成
- 内置命令行工具用于向量索引重建、备份和统计信息查看
- 支持多种嵌入模型,支持高达百万量级存储,具备基础性能监控
Metadata
Frequently Asked Questions
What is Semantic Vector Store?
提供文本向量化、持久化存储及基于余弦相似度的语义搜索,支持增量索引和多后端适配。 It is an AI Agent Skill for Claude Code / OpenClaw, with 227 downloads so far.
How do I install Semantic Vector Store?
Run "/install semantic-vector-store" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Semantic Vector Store free?
Yes, Semantic Vector Store is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Semantic Vector Store support?
Semantic Vector Store is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Semantic Vector Store?
It is built and maintained by whoisme007 (@whoisme007); the current version is v0.1.0.
More Skills