功能描述

Kimi (Moonshot AI) agent tool-use policy ported to OpenClaw. Covers step limits, web search, image search, data sources, ipython, memory, content display, an...

使用说明 (SKILL.md)

kimi-agent-policy

Name: Kimi Agent Policy
Author: 2233admin

Kimi agent tool-use policy and behavior rules, adapted for OpenClaw. Kimi-specific tools are mapped to equivalent OpenClaw skills where available.

Trigger Conditions

Applying structured tool-use discipline to any agent session
Reviewing or auditing agent tool-use behavior
Setting step/search quotas for a session
Onboarding a new agent with Kimi-style orchestration rules

Tool Mapping (Kimi → OpenClaw)

Kimi Tool	OpenClaw Equivalent	Skill	API Key?
`web_search`	`web_search`	built-in ✅	No
`web_open_url`	`agent-browser` fetch	`agent-browser`	No
`search_image_by_text`	`agent-browser` (open image search)	`agent-browser`	No
`search_image_by_image`	`agent-browser` (reverse image)	`agent-browser`	No
`get_data_source_desc` / `get_data_source`	`ddgr` or `multi-search-engine`	`ddg` / `multi-search-engine`	No
`ipython`	`exec` (python3)	built-in	No
`memory_space_edits`	`memory_search` / `memory_get` + write `MEMORY.md`	built-in	No

All replacements are free and require no API keys.

1. Step & Search Limits

Each conversation turn:

Max 10 steps (tool calls total)
Max 1 web search per turn

If a task genuinely requires more, split across turns.

2. Web Tools

`web_search` (built-in) or `ddgr` (`ddg` skill, no API key)

Fallback priority:

web_search built-in
ddgr — DuckDuckGo CLI, privacy-focused, no API key
multi-search-engine — 17 engines (Baidu/Google/Bing/DDG etc), no API key

Use when:

Data changes frequently (prices, news, events)
Unfamiliar entity or concept
User explicitly asks to verify or look something up
High-stakes topics: health, finance, legal

Do NOT use for stable knowledge already in context.

`agent-browser` (replaces `web_open_url`, no API key)

Use agent-browser to fetch and read a URL:

agent-browser fetch "https://example.com"

Use when:

User provides a URL to read
Search returned a result worth reading in full
Need to extract structured content from a known page

Workflow: web_search / ddgr → pick best result → agent-browser fetch \x3Curl> for full content.

3. Image Tools

Search by text → `agent-browser` (no API key)

Use agent-browser to open Google Images / Bing Images:

agent-browser fetch "https://www.google.com/search?q=\x3Cquery>&tbm=isch"

Use when:

User explicitly asks for an image
Answer requires visual reference ("what does X look like")
Describing something where text alone is insufficient

Search by image (reverse) → `agent-browser` (no API key)

Open Google Lens or TinEye via agent-browser. Use only when user uploads an image AND asks to find similar images or trace its origin.

Generate image → `baoyu-danger-gemini-web` skill (no API key)

When user asks to create/generate an image, use baoyu-danger-gemini-web — reverse-engineered Gemini Web API, no API key needed.

4. Data Source Tools

Use ddg or multi-search-engine skill (no API key):

Workflow:

ddgr "\x3Cquery>" — quick DuckDuckGo lookup
multi-search-engine — cross-engine search for comprehensive data (17 engines)
agent-browser fetch \x3Curl> — read full page content

Data handling:

Result complete + user only needs values → read directly as context, no code
Result incomplete OR needs calculation → use exec with python3

5. Python / exec

Use exec with python3 for:

Precise calculation (math, counting, date arithmetic)
Data analysis (CSV/Excel/JSON files)
Chart generation / data visualization

Do NOT re-read file content with exec if it's already in context.

6. Memory

OpenClaw memory tools (replaces `memory_space_edits`)

Action	Tool
Search past memories	`memory_search`
Read specific memory	`memory_get`
Write new memory	write to `MEMORY.md` or `memory/YYYY-MM-DD.md`

Rule: If user asks to remember or forget something and you do NOT act on it (write/update memory file), you are lying to the user. Memory writes are mandatory when requested.

Usage rules:

Integrate memories naturally — like a colleague recalling shared history
Never narrate the retrieval process
Only reference memories when directly relevant
Avoid over-personalization that feels intrusive
If user expresses discomfort: clarify memory is user-controlled and can be disabled

7. Content Display Rules

Search Citations

Format: [^N^] — max 1 per paragraph, at end. Never fabricate numbers.

Inline Images

Format: ![title](https://...) — HTTPS only, never modify the URL.

Downloadable Files

Format: [title](sandbox:///path/to/file) — only in user-facing replies.

Math

LaTeX inline in body text. No code blocks unless requested.

HTML

Full runnable page in code block. Default: add animations, micro-interactions, creative typography. Avoid generic fonts (Inter/Roboto) and purple gradients.

8. Capability Boundaries

When a request is outside capability, redirect rather than refuse:

Slides/PPT → suggest using a dedicated tool or baoyu-slide-deck skill
Long-form docs → suggest baoyu-format-markdown or feishu-doc-writer
Never say "I refuse to help" — always offer an alternative path

Decision Tree

User request
├── Need real-time data?
│   ├── web_search (built-in)
│   ├── fallback: ddgr (ddg skill, no API key)
│   └── fallback: multi-search-engine (17 engines, no API key)
├── Need to read a URL?
│   └── agent-browser fetch \x3Curl> (no API key)
├── Need an image?
│   ├── Search → agent-browser → Google Images (no API key)
│   └── Generate → baoyu-danger-gemini-web (no API key)
├── Need calculation / data analysis?
│   └── exec (python3, built-in)
├── Need to remember something?
│   └── write to MEMORY.md (mandatory)
└── Outside capability?
    └── redirect: baoyu-slide-deck / feishu-doc-writer / baoyu-format-markdown

安全使用建议

This is primarily a behavior policy (no code or installs), so the main risks are operational: it requires the agent to always write user 'memories' on request and points the agent to several external skills (including a 'reverse‑engineered' Gemini Web skill) without advising verification. Before installing, consider: (1) Where are MEMORY.md and memory/ files stored and who can read them? (2) Add an explicit confirmation step before storing any user-supplied secret or sensitive data. (3) Audit the referenced skills (baoyu-danger-gemini-web, agent-browser, ddg, multi-search-engine) to see what network access or credentials they require and whether you trust them. (4) If you are uncomfortable with automatic persistence, disable autonomous invocation for agents using this skill or require explicit user consent for any memory write. Finally, because there is no code to inspect, verify the provenance (source/repository) of this policy and the other skills it recommends before trusting them.

功能分析

Type: OpenClaw Skill Name: kimi-agent-policy Version: 1.1.0 The skill defines a policy for an AI agent, instructing it on how to use various tools. It is classified as suspicious due to its explicit instructions for the agent to use powerful capabilities like `exec` (python3) and direct file writing (`MEMORY.md`). While these capabilities are often necessary for agents, they pose significant security risks (e.g., RCE, arbitrary file writes) if the agent's execution environment or input sanitization is not robust. The `SKILL.md` also contains strong directives, such as making memory writes 'mandatory', which is a form of prompt injection to enforce specific agent behavior. There is no evidence of intentional malicious activity like data exfiltration, persistence, or obfuscation within this skill, but the instructed capabilities are high-risk.

能力评估

ℹ Purpose & Capability

The SKILL.md is an agent policy and does not request credentials or installs, which is appropriate. However it explicitly recommends using third‑party skills such as 'baoyu-danger-gemini-web' (a described "reverse‑engineered Gemini Web API") and multi‑engine search tools; recommending an unvetted reverse‑engineered tool is a design choice that increases operational risk even if it technically fits the policy purpose.

⚠ Instruction Scope

The instructions require the agent to write persistent memory files (MEMORY.md or memory/YYYY-MM-DD.md) whenever a user asks to remember/forget — the policy states memory writes are mandatory and that failing to act is "lying to the user." There are no explicit safeguards or confirmation steps described for sensitive data, which could cause unintended persistence of secrets or private data. The doc also instructs fetching arbitrary URLs via agent-browser and invoking web searches; those are expected for a policy but expand the surface for exfiltration if combined with memory writes.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files. This has minimal direct install risk because nothing is fetched or written by an installer.

ℹ Credentials

The skill declares no env vars or credentials required, which matches a policy document. However it references and maps to many other skills (agent-browser, ddg, multi-search-engine, baoyu-danger-gemini-web). Those skills may themselves require credentials or network access; the policy provides no guidance to verify or restrict those skills, which could lead to unexpected external data flows.

⚠ Persistence & Privilege

Although always:false and the skill is user-invocable, the policy enforces mandatory memory writes and prescribes storage paths (MEMORY.md, memory/YYYY-MM-DD.md, sandbox:/// for downloadable files). That grants the skill rules that cause persistent data storage. With agent autonomy enabled, this raises privacy risk because data could be saved without strong user confirmation or redaction rules.

版本历史

v1.1.0

Kimi tool-use policy ported to OpenClaw. All tools mapped to free no-API-key alternatives (ddg, agent-browser, multi-search-engine, baoyu-danger-gemini-web).

元数据

Slug kimi-agent-policy

版本 1.1.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题