← 返回 Skills 市场
Semantic Vector Store
作者
whoisme007
· GitHub ↗
· v0.1.0
· MIT-0
227
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install semantic-vector-store
功能描述
提供文本向量化、持久化存储及基于余弦相似度的语义搜索,支持增量索引和多后端适配。
安全使用建议
This skill appears to implement a local vector store (SQLite + optional FAISS) and mostly does what it claims, but exercise caution: 1) There is no verified source/homepage — only run it if you trust the publisher or after reviewing the code. 2) Dependencies (sentence-transformers, faiss, numpy) are not declared in the registry; install them in a controlled virtual environment. 3) The implementation uses pickle for persisted data and ID maps — do not point the skill at untrusted DB or index files (pickle deserialization can run arbitrary code). 4) SKILL.md advertises multi-backend support and environment variables, but the code primarily supports a local SQLite+FAISS path — verify the connectors you need are actually implemented. 5) If you decide to install, run it inside an isolated environment (container/VM) until you confirm behavior; consider reviewing the rest of the code (the truncated portion) to ensure there are no network callbacks or hidden endpoints.
功能分析
Type: OpenClaw Skill
Name: semantic-vector-store
Version: 0.1.0
The skill implements a semantic vector store using SQLite and FAISS, but it contains a significant security vulnerability in `scripts/semantic_vector_store.py` due to the use of the `pickle` module for serializing embeddings and ID mappings. Loading data via `pickle.loads()` and `pickle.load()` is inherently insecure and can lead to Remote Code Execution (RCE) if the local database or index files are tampered with. While the code logic appears to align with its stated purpose and no evidence of intentional malice or data exfiltration was found, the use of insecure serialization for persistent storage is a high-risk practice.
能力评估
Purpose & Capability
Name/description describe a vector store and the included code implements a local SQLite+FAISS-backed vector store with embedding support — this is coherent. However, the SKILL.md claims multi-backend support (Pinecone, Weaviate) while the code focuses on local SQLite+FAISS; the registry metadata declares no required env vars while SKILL.md documents several configuration env vars (SEMANTIC_VECTOR_DB_PATH, EMBEDDING_MODEL, etc.). No homepage or source is provided (unknown origin).
Instruction Scope
Runtime instructions and examples are limited to expected operations (init, embed, add, search). The implementation writes a database file under the user's home (~/.config/cortexgraph/semantic_vectors.db) and reads/writes FAISS index files and .ids.pkl files. The code uses pickle to serialize/deserialize embeddings and ID mappings; untrusted or tampered DB/index files could lead to unsafe pickle deserialization. SKILL.md does not warn about this or about trusting DB files.
Install Mechanism
There is no install spec in the registry (instruction-only), but the shipped Python file depends on external packages (sentence-transformers, faiss, numpy) with no declared installation steps or dependency manifest. SKILL.md shows a 'clawhub install' command but there is no explicit dependency installation instructions or pinned sources, which may confuse users and lead to manual, ad-hoc installs.
Credentials
The registry lists no required env vars or credentials, yet SKILL.md documents several configurable env vars (DB path, EMBEDDING_MODEL, VECTOR_DIMENSION, SIMILARITY_THRESHOLD). No credentials are requested (no network API keys), which is proportional to a local vector store. The mismatch between registry requirements and documented env vars is an inconsistency to be aware of.
Persistence & Privilege
The skill persists data to disk in a user config directory and saves FAISS index files and pickle id-maps — this is expected for a vector store. The skill is not marked 'always: true' and does not claim to alter other skills' configs. The notable risk is the local persistence format (pickle), which can execute code when loading if files are maliciously modified.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install semantic-vector-store - 安装完成后,直接呼叫该 Skill 的名称或使用
/semantic-vector-store触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
semantic-vector-store v0.1.0
- 首个 MVP 版本发布,为 OpenClaw 星型记忆架构提供语义向量存储与搜索能力
- 支持多后端(SQLite + FAISS, Pinecone, Weaviate),可插拔统一接口
- 实现文本嵌入、增量向量入库、基于余弦相似度的语义检索
- 提供适配器接口,便于与 Memory Sync Enhanced/Unified Memory 集成
- 内置命令行工具用于向量索引重建、备份和统计信息查看
- 支持多种嵌入模型,支持高达百万量级存储,具备基础性能监控
元数据
常见问题
Semantic Vector Store 是什么?
提供文本向量化、持久化存储及基于余弦相似度的语义搜索,支持增量索引和多后端适配。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 227 次。
如何安装 Semantic Vector Store?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install semantic-vector-store」即可一键安装,无需额外配置。
Semantic Vector Store 是免费的吗?
是的,Semantic Vector Store 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Semantic Vector Store 支持哪些平台?
Semantic Vector Store 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Semantic Vector Store?
由 whoisme007(@whoisme007)开发并维护,当前版本 v0.1.0。
推荐 Skills