← 返回 Skills 市场
435
总下载
0
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install knowledgebase-share
功能描述
Operate a multi-agent shared knowledge layer backed by one GitHub repository. Use when setting up shared/private knowledge folders, enforcing branch+PR workf...
使用说明 (SKILL.md)
Knowledgebase Share
Use this skill as the single operating system for multi-agent knowledge storage.
Privacy rule (critical)
This is a reusable/public skill. Never hardcode user-specific repo URLs, paths, or secrets in SKILL.md.
Always read config from references/kb-config.json (or user-provided override) before executing.
Required config
Read references/kb-config.json first.
Fields:
repo_url: canonical GitHub repo URL for knowledge storagelocal_path: local clone pathbranch: default branch (usuallymain)private_root: private notes root folder (defaultprivate)shared_root: shared notes root folder (defaultshared)
Repository model
\x3Cknowledge-repo>/
private/\x3Cagent>/
shared/
00_rules/
10_projects/
20_research/
30_decisions/
40_playbooks/
90_archive/
meta/
templates/
Branch model
main: stable shared knowledgeagent/\x3Cname>: per-agent working branch- Shared knowledge enters
mainonly via PR
Operating rules
- Pull/rebase before writing:
git pull --rebase origin \x3Cbranch> - Keep private drafts in
private/\x3Cagent>/ - Promote reusable content to
shared/via PR - Never force-push
main - No secrets/tokens in repository content
- Resolve conflicts by preserving both versions first, then refactor
Standard flows
A) Agent daily write (private)
- checkout
agent/\x3Cname> - write to
\x3Cprivate_root>/\x3Cname>/... - commit + push branch
B) Promote to shared knowledge
- copy/refine note into
\x3Cshared_root>/... - commit on
agent/\x3Cname> - open PR to
main - merge after review
C) Consume latest shared knowledge
- checkout local branch
git fetch origin- rebase from latest
main
Minimal commands (template)
# first-time clone
git clone \x3Crepo_url> \x3Clocal_path>
# create agent branch
cd \x3Clocal_path>
git checkout -b agent/\x3Cname>
# sync branch
git pull --rebase origin agent/\x3Cname>
# push updates
git push origin agent/\x3Cname>
Boundary
- This skill governs knowledge layer operations only.
- Constitution / hard governance rules are maintained in the independent constitution system.
安全使用建议
Before installing/running: (1) Review and set references/kb-config.json so repo_url points to a trusted repository and local_path is correct. (2) Understand that the scripts will run git pull/rebase and git push using your host's git credentials — do not point repo_url to an untrusted remote. (3) Ensure required tools (git, and jq if you want JSON config parsing) are installed; note that '~' in the JSON will not be shell-expanded by the scripts (edit to an absolute path). (4) Use --no-push or mode=status to dry-run and inspect changes before pushing. (5) Avoid storing secrets in repo content; consider using a deploy key or least-privileged token for CI/automation. If you want stronger assurances, ask the skill author to declare required binaries and to add explicit validation of config values and path expansion.
功能分析
Type: OpenClaw Skill
Name: knowledgebase-share
Version: 0.3.2
The skill bundle is designed to manage a Git-backed knowledge base, with `SKILL.md` and `references/ops-playbook.md` outlining legitimate operational procedures. However, the `scripts/init_kb_repo.sh` and `scripts/sync_kb.sh` files contain shell injection vulnerabilities. Parameters like `KB_PATH`, `REPO_URL`, `BRANCH`, and `MSG` are directly interpolated into `git` commands without comprehensive sanitization or escaping, allowing for potential arbitrary command execution if an attacker can control these inputs (e.g., via a crafted `kb-config.json` or command-line arguments). This represents a critical vulnerability rather than intentional malice.
能力评估
Purpose & Capability
The name/description match the included scripts and SKILL.md: all actions are Git-based repository operations (clone, branch, pull/rebase, push) against a configured repo_url. There are no requested credentials or network endpoints outside the canonical Git remote model, so the requested capabilities align with the stated purpose.
Instruction Scope
SKILL.md and the scripts stick to knowledge-layer git workflows. However, the scripts perform push/pull/rebase operations which will transmit repository contents to/from whatever remote is configured and will use the agent/host's Git credentials (SSH keys or HTTPS tokens). The skill warns not to hardcode secrets, but does not enforce it — accidental inclusion of secrets in notes could be pushed to the remote.
Install Mechanism
There is no install spec or external downloads (instruction-only + bundled scripts), which is low risk. Note: the scripts assume command-line tools (git and optionally jq) but the skill metadata did not declare required binaries; those tools must exist on the host for correct operation.
Credentials
The skill does not request environment variables or credentials directly (good). It implicitly relies on the host's git configuration and credentials (SSH keys or cached HTTPS credentials). This is proportionate to the task but means the operator must ensure the configured repo_url is trusted — misconfiguring it could send data to an attacker-controlled remote.
Persistence & Privilege
always is false; the skill does not request permanent platform-wide privileges and it only writes to the configured local_path. It does not alter other skills or system agent config. Files and directories are created under the user-specified local_path, which is expected behavior.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install knowledgebase-share - 安装完成后,直接呼叫该 Skill 的名称或使用
/knowledgebase-share触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.3.2
Security alignment fix: scripts now read kb-config.json, remove hardcoded paths, and support safer no-push mode
v0.3.1
Make skill fully generic: remove hardcoded user repo/path and add references/kb-config.json for configurable storage
v0.3.0
Refocus skill to single GitHub knowledge-layer workflow: private/shared folders, agent branches, PR-to-main promotion, and canonical repo reed1898/agent-knowledge-layer
v0.1.0
Initial release: Obsidian + GitHub multi-host KB sync skill with init/sync scripts and ops playbook
元数据
常见问题
Knowledgebase Share 是什么?
Operate a multi-agent shared knowledge layer backed by one GitHub repository. Use when setting up shared/private knowledge folders, enforcing branch+PR workf... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 435 次。
如何安装 Knowledgebase Share?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install knowledgebase-share」即可一键安装,无需额外配置。
Knowledgebase Share 是免费的吗?
是的,Knowledgebase Share 完全免费(开源免费),可自由下载、安装和使用。
Knowledgebase Share 支持哪些平台?
Knowledgebase Share 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Knowledgebase Share?
由 Reed(@reed1898)开发并维护,当前版本 v0.3.2。
推荐 Skills