← 返回 Skills 市场
133
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install normieclaw-knowledge-vault
功能描述
You have 200 bookmarks you'll never revisit and a 'Read Later' list that's basically a graveyard. Knowledge Vault changes the game: paste any URL — article,...
安全使用建议
This skill is broadly coherent with its stated purpose, but take these precautions before installing:
- Review the SETUP-PROMPT.md before pasting or executing it. It contains shell commands (mkdir, install, chmod, cat). Only run them in a workspace you trust and have permission to modify.
- Confirm your agent platform's memory/long-term-storage policy. The vault config enables syncing entries to the agent's memory_store; if you don't want persistent storage, disable memory_integration or adjust importance/retention settings.
- Inspect scripts/vault-stats.sh locally before running. It requests jq and performs file reads; I noticed some malformed/odd code fragments in the script (likely a bug). Don't run scripts you haven't reviewed in an untrusted environment.
- The skill will fetch external URLs when you ask it to ingest content (web_fetch/browser). Only ingest URLs you trust, and be comfortable with the agent making outbound fetches on your behalf.
- If you plan to deploy the dashboard or API routes, secure them behind auth and don't expose the local data directory publicly.
If you want higher assurance, ask the author for a reproducible install/test in a sandbox or request an updated release that fixes the script issues and documents platform/tool expectations.
功能分析
Type: OpenClaw Skill
Name: normieclaw-knowledge-vault
Version: 1.0.3
The Knowledge Vault skill bundle is a well-documented and security-conscious tool for content ingestion and summarization. The SKILL.md file includes explicit and robust prompt-injection defenses, instructing the agent to treat all fetched content as untrusted data and ignore any embedded commands. The utility script (vault-stats.sh) and setup instructions (SETUP-PROMPT.md) use transparent shell commands with safe practices, such as restricted file permissions (chmod 600/700) and strict error handling (set -euo pipefail). No indicators of data exfiltration, malicious execution, or unauthorized persistence were found.
能力评估
Purpose & Capability
Name/description (save, summarize, and search saved content) matches the actions described in SKILL.md and the included files. The skill uses agent tools (web_fetch, pdf, summarize, memory_store) and local storage (data/, config/, scripts/) which are appropriate for a vault-style capability.
Instruction Scope
SKILL.md stays on-topic (fetch content, summarize, store entries). It explicitly instructs the agent to treat fetched content as data, not as executable instructions (prompt-injection defense). One setup convenience asks the user to paste a shell-based 'SETUP-PROMPT' into the agent chat which runs mkdir/install/cat commands to copy files into the workspace — this is functional for local installation but is a sensitive step: review the commands before executing them and only run them in a trusted environment.
Install Mechanism
No network downloads or package installs are specified; this is instruction-only with two local files copied by the setup script. No remote URLs, installers, or extracted archives are present.
Credentials
The skill declares no required environment variables, credentials, or external endpoints. It does enable memory_integration (writing to the agent's long-term memory) in config/vault-config.json — this is reasonable for a vault but is a persistence/privacy consideration the user should be aware of.
Persistence & Privilege
always:false (not forced). The skill writes to local workspace directories (data/, config/, scripts/) and integrates with the agent's memory_store per config. Autonomous invocation is allowed by default (platform default); combined with memory writes this expands blast radius compared to a read-only skill, so confirm platform memory retention settings if you are sensitive about long-term storage.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install normieclaw-knowledge-vault - 安装完成后,直接呼叫该 Skill 的名称或使用
/normieclaw-knowledge-vault触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
v1.0.3: Security fixes: confined scripts to skill directory, removed filesystem traversal from setup
v1.0.2
v1.0.2: MIT license, cleaned descriptions, removed cross-sell
v1.0.0
Initial publish from NormieClaw.ai — Free OpenClaw skills for everyone.
元数据
常见问题
Knowledge Vault 是什么?
You have 200 bookmarks you'll never revisit and a 'Read Later' list that's basically a graveyard. Knowledge Vault changes the game: paste any URL — article,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 133 次。
如何安装 Knowledge Vault?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install normieclaw-knowledge-vault」即可一键安装,无需额外配置。
Knowledge Vault 是免费的吗?
是的,Knowledge Vault 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Knowledge Vault 支持哪些平台?
Knowledge Vault 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Knowledge Vault?
由 Nollio(@nollio)开发并维护,当前版本 v1.0.3。
推荐 Skills