← 返回 Skills 市场

Book Review Skill

Name: Book Review Skill
Author: harrylabsj

作者 haidong · GitHub ↗ · v1.0.4 · MIT-0

cross-platform ⚠ suspicious

335

总下载

当前安装

版本数

在 OpenClaw 中安装

/install book-review-skill

功能描述

Expand reading insights into in-depth reviews using local templates only. SAFE VERSION: No external API calls, no filesystem access, no secrets required.

使用说明 (SKILL.md)

Book Review Skill (Safe Version)

Expand reading insights into in-depth reviews using local templates only.

🔒 Security Features

No External API Calls: All processing happens locally, no data sent to external services
No Filesystem Access: Does not read or write to your filesystem
No Secrets Required: No API keys, tokens, or credentials needed
Privacy First: Your reading insights never leave your local environment

Features

📖 Insight Expansion: Expand short reading notes into in-depth book reviews
🔒 Local Processing: All templates processed locally with no external dependencies
📋 Multiple Formats: Brief, detailed, and comprehensive review options
💡 Related Concepts: Get suggested related learning concepts

Commands

/book-review [insight] - Generate a detailed book review
/book-review-brief [insight] - Generate a brief review
/book-review-related [insight] - Get related concepts for the insight

Usage Examples

/book-review Today I read about deliberate practice and found it very inspiring
/book-review-brief The importance of spaced repetition in learning
/book-review-related How to build effective learning habits

Technical Details

TypeScript implementation
OpenClaw SDK integration
Pure Local Processing: No network calls, no file I/O
Version: 1.0.4 (Safe Release)

Safety Assurance

This skill has been specifically designed to address ClawHub security concerns:

✅ No External Dependencies: Removed all external API calls
✅ No Filesystem Access: No reading of local notes or files
✅ No Secrets: No environment variables or API keys required
✅ Transparent Processing: All logic visible in source code

Installation

clawhub install book-review-skill

Requirements

Node.js >= 18.0.0
OpenClaw >= 2026.3.0

安全使用建议

The runtime code implements a safe, local-only template reviewer, but the README and examples advertise features (DeepSeek API, note searching, Lunr.js, fs-extra, environment variables for API keys and note paths) that would require filesystem and network access. Before installing: 1) Ask the publisher which variant you will get (safe/local-only vs. a fuller version that reads files and calls APIs). 2) Inspect the installed bundle (dist/bundle.js or dist/index.js) after installation for any fs, net/http, child_process, or process.env access. 3) If you must test, run the skill in an isolated sandbox or VM and monitor outbound network traffic. 4) Prefer the explicit local-only build (the provided src/dist files appear local-only); avoid providing DEEPSEEK_API_KEY or note-path secrets until the author confirms why README differs. If you need higher assurance, request an authoritative source or signed release matching the SKILL.md.

功能分析

Type: OpenClaw Skill Name: book-review-skill Version: 1.0.4 The skill bundle is classified as suspicious due to a major contradiction between its 'Safe Version' claims and its metadata/documentation. While the code in index.js and SKILL.md is benign and limited to local string templates, the README.md and package.json describe a version that requires sensitive credentials (DEEPSEEK_API_KEY) and filesystem access. Furthermore, package.json includes devDependencies for filesystem crawling and indexing (fs-extra, lunr, glob) that are not used in the provided source, suggesting a potential 'bait-and-switch' where users are encouraged to set up sensitive environment variables for a supposedly safe tool.

能力评估

ℹ Purpose & Capability

The skill's name, SKILL.md, and the actual src/dist code implement a local template-based book-reviewer that requires no files, network, or secrets — that is coherent. However README.md, architecture docs, and examples repeatedly describe note searching, Lunr.js indexing, fs-extra, and a DeepSeek API integration (including examples setting DEEPSEEK_API_KEY and note paths). That documentation is inconsistent with the code and declared zero requirements, which is unexpected and worth asking the author about.

⚠ Instruction Scope

SKILL.md explicitly promises 'No External API Calls', 'No Filesystem Access', and 'No Secrets Required', and the src/dist code abides by that promise (no fs, no network calls, just string templates and local concept map). But README and config examples instruct the user to set DEEPSEEK_API_KEY and configure note paths, and describe modules (Lunr.js, fs-extra) and features (note search, indexing) that would require filesystem and network access. This conflicting instruction surface grants the agent ambiguous authority and could confuse users about what will actually run.

✓ Install Mechanism

No install spec is provided (instruction-only in registry), and the repository contains normal Node packaging files (package.json, build scripts). There are no downloads from untrusted URLs or extraction steps in the metadata. The risk is low from the install mechanism itself; however, the package includes build scripts referencing esbuild and typical dev tooling — standard for Node projects.

⚠ Credentials

The registry metadata and SKILL.md declare no required environment variables, and the runtime code does not read any env vars. But README and configuration examples list DEEPSEEK_API_KEY, BOOK_REVIEW_NOTE_PATHS, and other env vars, implying the need for secrets and filesystem access in another (non-shipped) mode. This discrepancy makes it unclear whether secret-bearing env vars might be used in alternate builds or earlier versions.

✓ Persistence & Privilege

The skill does not request always:true, needs no config paths, and its setup/teardown only log messages. It does not modify other skills' configs or request elevated persistence. Autonomous invocation is allowed by default (expected) but not a new concern here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install book-review-skill
安装完成后，直接呼叫该 Skill 的名称或使用 /book-review-skill 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.4

**Major security-focused update: Book Review skill now runs entirely locally with no external dependencies.** - Removed all external API calls, filesystem access, and secret requirements. - Now operates exclusively with local templates—no note searching or external references. - Added three review modes: detailed, brief, and related concepts. - Updated documentation to emphasize privacy, safety, and new commands. - Cleaned up file structure and removed legacy/test code.

v1.0.2

- Bumped version to 1.0.2. - Minor documentation adjustments; updated SKILL.md formatting and metadata with new version.

v1.0.1

- English localization of documentation and descriptions. - Added compiled JavaScript and TypeScript definition files to the dist directory. - Updated usage instructions, feature list, and metadata in SKILL.md. - No functional changes to core features; release includes build-related and documentation improvements.

v1.0.0

Book Review Skill v1.0.0 - 首个版本发布，支持扩展读书心得为有深度的书评 - 可智能从用户笔记库搜索并引用相关内容 - 根据阅读历史个性化推荐相关书籍 - 支持综合多知识点的深度分析 - 支持通过 /book-review 指令快速生成书评 - 依赖环境：Node.js >= 18.0.0，OpenClaw >= 2026.3.0

元数据

Slug book-review-skill

版本 1.0.4

许可证 MIT-0

累计安装 1

当前安装数 0

历史版本数 4

常见问题