统一知识库（#kb）

统一知识库入口技能（#kb）。当用户发送内容并标记 #kb 时触发。 自动完成：素材下载 → IMA 知识库存储 → workspace/kb 归档 → memory 记录。 支持：微信公众号文章、网页链接、YouTube 视频（字幕提取）、纯文本、文件路径。

This skill is plausibly doing what it says (ingesting links/text into a KB), but it has several red flags you should clear up before installing or giving it access to your environment: - Credentials and secrets: The script expects IMA credentials but reads them from /home/xdl/.openclaw/workspace/.secrets/ima.env (not the declared env vars). Ask the author to (a) clearly declare required env vars or config paths in the registry metadata, and (b) prefer standard environment variables or an explicit config prompt instead of silently reading a file in a fixed path. - Hard-coded destination: It contains a hard-coded IMA_KB_ID and will store uploads to that KB by default without asking. Confirm who owns that KB ID and change the code to require user confirmation or configuration before uploading. - Cookie and local file access: YouTube subtitle download uses a fixed cookie file (/tmp/youtube_cookies.txt). That file may contain sensitive cookies. Only provide such a cookie file in a controlled/sandboxed environment and prefer a per-run prompt instead of a fixed path. - Undeclared runtime dependencies: yt-dlp, node, and (optionally) Whisper/other transcription tools are required at runtime but not listed. Ensure those binaries are installed from trusted sources or run the skill in an isolated environment. - Third-party scripts: The skill invokes a local wechat-article-reader script at a fixed path. Verify the origin and contents of that script before running. - Recommended actions before use: (1) Request the skill author to update metadata to list required env vars and paths; (2) remove or make configurable the hard-coded IMA_KB_ID and fixed cookie path; (3) prefer explicit credential prompts or documented env var names; (4) audit network endpoints (ima.qq.com) and the wechat script; (5) run first in a sandboxed account or container and inspect what files it reads/writes. If the author cannot or will not make these changes, treat the skill as untrusted and do not provide real credentials or cookies.

Type: OpenClaw Skill Name: unified-kb Version: 1.1.0 The skill provides a unified knowledge base entry system but contains a significant security vulnerability: it allows reading arbitrary local files via the 'file' content type without any path sanitization or validation in `scripts/store_kb.py`. An attacker or a malicious prompt could trick the agent into reading sensitive files (e.g., SSH keys, `/etc/passwd`, or the `.secrets/ima.env` file itself) and uploading them to the IMA cloud or local storage. Additionally, the script relies on hardcoded absolute paths and executes a local rebuild script, which increases the risk of unauthorized file access or execution in non-standard environments.