← 返回 Skills 市场
standard-book-learning
作者
buruqinshouburu
· GitHub ↗
· v1.0.0
· MIT-0
130
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install reading-book
功能描述
协调管理书籍学习流程,按顺序调用章节提取、笔记生成、图谱构建及导入模块,跟踪进度并生成总结报告。
安全使用建议
What to consider before installing or running this skill:
- Inspect and edit scripts before running: the neo4j importer docs include a plaintext password; search all files (including .py and .md) for any hardcoded credentials and remove them. Replace with environment variables or a secure config file.
- Provide credentials securely: the skill does not declare required env vars. If you use Neo4j, configure the connection (URI, username, password) via environment variables or a secure secret store, not by editing scripts with plaintext secrets.
- Run in a safe environment first: test in an isolated VM or container and point the importer at a disposable/local Neo4j instance. That avoids accidental import into production databases or exposing real data.
- Be aware of filesystem access: the workflow reads from F:\book and writes to F:\Obsidian. Ensure the paths are correct and that sensitive files are not unintentionally processed. Adjust paths in code if you use a different OS or directory layout.
- Install dependencies explicitly: before running, pip-install required packages (python-docx, PyPDF2, etc.). The package does not declare an install step.
- If you want this skill to run autonomously, consider limiting its permissions and confirm database and file access policies. If anything looks unexpected (other hardcoded endpoints, outbound network calls, or requests for unrelated credentials), do not run the skill and ask the author for clarification.
If you want, I can: (1) scan the included Python scripts for any other hardcoded secrets or external endpoints, (2) suggest specific edits to move credentials to env vars, or (3) produce a checklist to safely run this skill in a VM.
功能分析
Type: OpenClaw Skill
Name: reading-book
Version: 1.0.0
The 'reading-book' skill bundle coordinates a workflow for extracting book chapters, generating Obsidian notes, and importing knowledge into a Neo4j database. The primary security concern is the presence of hardcoded credentials ('12358lpok') for the Neo4j database found in 'neo4j-importer-script.py' and 'neo4j-importer.md'. While the bundle's file system access and local network calls (targeting localhost:7474) are consistent with its stated purpose, the inclusion of hardcoded passwords is a significant security vulnerability. No evidence of intentional malice, data exfiltration, or prompt injection was found.
能力评估
Purpose & Capability
The skill name/description (book learning coordinator) aligns with the provided modules (book-extractor, note-generator, neo4j-cypher-generator, neo4j-importer) and the code implements the expected pipeline. Minor mismatch: all file paths and examples are Windows-specific (F:\book, F:\Obsidian) which reduces portability but is consistent with the described workflow.
Instruction Scope
SKILL.md instructs the agent to read local book files and write notes/progress to F:\Obsidian, and to call the four submodules in sequence — this is within the skill's purpose. The instructions do write to and read from local filesystem paths and expect a local Neo4j endpoint; that is expected for this functionality but means the skill will access user files under those paths.
Install Mechanism
There is no install spec (instruction-only), which is lower risk. The Python scripts reference external libraries (python-docx, PyPDF2, optional OCR libs) but the package/dependency list isn't declared in the registry metadata; users must install these manually. No network download/install URLs were found.
Credentials
The registry declares no required environment variables or credentials, but the neo4j-importer documentation and PowerShell examples include a plaintext password example (ConvertTo-SecureString "12358lpok" -AsPlainText -Force) and use a neo4j username. That is inconsistent: a component that connects to a database normally requires configurable credentials (env vars or config). Hardcoded passwords in docs/scripts are a security risk and indicate missing, undeclared credential handling.
Persistence & Privilege
The skill does not request always:true and does not declare system-wide config modifications. It reads and writes files under F:\Obsidian and F:\book (expected for a note-taking/import skill). Autonomous invocation is enabled by default (normal), but not combined with high privilege settings in this package.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install reading-book - 安装完成后,直接呼叫该 Skill 的名称或使用
/reading-book触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Book Learning Coordinator Skill v1.0.0
- First release: coordinates the complete book learning workflow across four modules (book-extractor, note-generator, neo4j-cypher-generator, neo4j-importer).
- Implements validation of book path and initialization of learning environment.
- Automates chapter-by-chapter processing with per-chapter progress and error tracking.
- Supports generation of learning progress files and final summary reports.
- Includes robust error handling and logging throughout the workflow.
元数据
常见问题
standard-book-learning 是什么?
协调管理书籍学习流程,按顺序调用章节提取、笔记生成、图谱构建及导入模块,跟踪进度并生成总结报告。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 130 次。
如何安装 standard-book-learning?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install reading-book」即可一键安装,无需额外配置。
standard-book-learning 是免费的吗?
是的,standard-book-learning 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
standard-book-learning 支持哪些平台?
standard-book-learning 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 standard-book-learning?
由 buruqinshouburu(@buruqinshouburu)开发并维护,当前版本 v1.0.0。
推荐 Skills