Total downloads: 326
Favorites: 0
Current installs: 2
Versions: 1
Install in OpenClaw
/install private-knowledge-base
Description
Store, search, and summarize concepts across your PDFs and papers with fast semantic search and cross-document Q&A.
Security usage recommendations
This skill appears to do what it says and works only on local files, but consider the following before installing or running it:
- KB metadata stores the absolute source path in index JSON — if you later upload the KB or share it, that may reveal filesystem layout or sensitive directory names. Consider setting KB_ROOT to a dedicated directory and reviewing index JSON files before sharing.
- The scripts will read any file you pass to them; only give them PDFs you trust. They write extracted text under KB_ROOT/docs and metadata under KB_ROOT/index.
- summarize.sh suggests using 'ollama run qwen3.5' (a local model runtime). That step is optional and not enforced by the scripts; if you run it, verify your ollama setup and understand whether that model is local or configured to call an external service.
- The scripts rely on pdftotext or python (pypdf). Installing those packages may be required; install them from well-known sources.
- If you plan to back up or share the KB, review contents for sensitive information (full paths, PII in extracted text) first.
Overall this is internally consistent and low-risk for local use, but be cautious about storing or sharing the generated index and text files.
Functional analysis
Type: OpenClaw Skill
Name: private-knowledge-base
Version: 1.0.0
The skill bundle contains critical command injection vulnerabilities in `scripts/ingest.sh`. Specifically, the script constructs a Python command string using unquoted shell variables (`$PDF_PATH`), which allows for arbitrary Python code execution if a filename contains single quotes. Furthermore, the script uses unquoted variables within a shell heredoc to generate metadata, enabling command substitution (e.g., via backticks or `$()`) if a filename is maliciously crafted. While these flaws provide a path for Remote Code Execution (RCE), they appear to be unintentional security oversights in a functional document management system rather than intentional malware.
Capability assessment
Purpose & Capability
Name/description match the included scripts and schema: ingestion, text extraction, simple search, and summarization workflows are implemented by the shell scripts and index schema. No unrelated credentials, binaries, or services are requested.
Instruction Scope
Scripts only read user-supplied PDF files and write extracted text, embeddings folder, and index JSON under KB_ROOT (default ~/kb). Two noteworthy items: (1) metadata stores the full source path in index JSON (may reveal filesystem layout or sensitive path names), and (2) summarize.sh prints a suggested command using 'ollama run qwen3.5' — that is an external model invocation the README suggests but is not enforced by the scripts. Otherwise instructions are scoped to the stated purpose.
Install Mechanism
No install spec — instruction-only with local shell scripts. Scripts rely on common local tools (pdftotext, python3, pypdf) but do not download or execute remote code. This is low-risk relative to other install types.
Credentials
No required environment variables or credentials are declared. An optional KB_ROOT env var is used to choose storage location, which is proportionate. No other secrets or unrelated env vars are requested.
Persistence & Privilege
always:false and user-invocable default. The skill does not request permanent system-wide presence, does not modify other skills' config, and only writes files under the configured KB_ROOT.
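How to use
- Make sure OpenClaw is installed (locally or via Docker)
- Enter the install command in the chat box: `/install private-knowledge-base`
- Once installation finishes, call the Skill by name or use `/private-knowledge-base` to trigger it
- Provide the required input according to the Skill's parameter description to get structured output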
Version history
v1.0.0
- Initial release of personal knowledge base for PDFs, papers, and documents
- Supports ingestion of single PDFs or entire folders into the knowledge base
- Enables fast semantic search and cross-document Q&A over stored documents
- Provides tools for summarizing concepts across multiple documents and linking related content
- Includes scripts for document ingestion, search, and summarization
- Offers configuration options for KB storage location
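FAQ
What is Private Knowledge Base?
Store, search, and summarize concepts across your PDFs and papers with fast semantic search and cross-document Q&A. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 326 total downloads to date.
How do I install Private Knowledge Base?
Run the command `/install private-knowledge-base` in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Private Knowledge Base free?
Yes, Private Knowledge Base is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Private Knowledge Base support?
Private Knowledge Base is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Private Knowledge Base?
It is developed and maintained by wirec (@wirec-yzx); the current version is v1.0.0.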