← 返回 Skills 市场

The Librarian

Name: The Librarian
Author: rochyroch

作者 Enda · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install thelibrarian

功能描述

Build and search lightweight quantized document indexes with TurboVec. Use when you need to create searchable indexes from documents for RAG applications wit...

安全使用建议

This skill appears coherent for building/searching TurboVec quantized indexes, but before installing: 1) Confirm where embeddings are sent — the scripts default to http://host.docker.internal:11434 (an Ollama-style local endpoint). If you run the tool, embedding text will be POSTed to whichever API URL you supply; point it to a trusted local service or a trusted remote provider. 2) SKILL.md/help mention an OLLAMA_API env var but the scripts use a default and accept --api — set the --api flag or edit the code if you need a different endpoint. 3) Run the code in an isolated environment (dedicated venv/container) when indexing sensitive documents. 4) Review and vet third-party packages (turbovec, flashrank, rank-bm25) before pip installing them. 5) For high-risk documents (medical, legal, financial) follow the author's own advice and use a higher-accuracy/approved setup (e.g., FAISS) or ensure your embedding provider and runtime are fully trusted.

功能分析

Type: OpenClaw Skill Name: thelibrarian Version: 1.0.1 The skill bundle implements a legitimate document indexing and search system but contains a critical security vulnerability. Specifically, 'scripts/search.py' uses 'pickle.load()' to deserialize the BM25 index from the disk, which allows for Remote Code Execution (RCE) if the agent is directed to search a malicious or untrusted index directory. Additionally, 'scripts/librarian.sh' utilizes 'LD_PRELOAD' to load the BLAS library; while this is documented as a requirement for the 'turbovec' dependency, it is a high-risk mechanism that could be abused. No evidence of intentional malice, data exfiltration, or harmful prompt injection was found.

能力标签

cryptocan-make-purchases

能力评估

✓ Purpose & Capability

The name/description (lightweight quantized document index/search) matches the included scripts: build_index.py, search.py, and a wrapper. Required libraries (turbovec, rank-bm25, flashrank, numpy, requests) and use of an embedding API are appropriate for the described functionality.

ℹ Instruction Scope

Runtime instructions and scripts operate only on user-supplied document directories and write index files to the specified output directory. The code makes network calls only to an embedding service (requests.post to an Ollama-style API URL). The SKILL.md mentions an OLLAMA_API environment variable in help text, but the Python scripts default to a hard-coded DEFAULT_OLLAMA_API and accept a --api flag — a minor mismatch in where the config is read from.

✓ Install Mechanism

No install spec is provided (instruction-only install). The skill expects the user to create a local virtualenv and pip-install dependencies; nothing is downloaded or executed silently by an installer in the package itself.

ℹ Credentials

The skill requests no declared credentials or config paths. However, it posts document text to an embedding API (default: http://host.docker.internal:11434). This is necessary for embeddings but means the user must trust the endpoint they point to; SKILL.md/help references an OLLAMA_API env var but the scripts rely on a default or CLI flag, so confirm where embeddings will be sent.

✓ Persistence & Privilege

always is false, the skill does not require persistent platform privileges, and it confines file writes to the index output path. It does not modify other skills or system-wide configs.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install thelibrarian
安装完成后，直接呼叫该 Skill 的名称或使用 /thelibrarian 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

- Version bump to 1.0.1 with no code or documentation changes. - No file modifications detected; functionality and documentation remain unchanged.

v1.0.0

RAG for Low resource systems. Built for OpenClaw Edge Device Deployment. - Initial release of The Librarian skill. - Enables building and searching lightweight quantized document indexes with TurboVec. - Designed for semantic search and RAG applications on resource-constrained hardware (e.g., Raspberry Pi). - Supports hybrid search (vector + BM25) and optional Flashrank reranking. - Achieves 8-16x smaller indexes than FAISS with ~97-98% of FAISS accuracy at 4-bit quantization. - Ideal for personal or team use cases requiring efficient document search without heavy infrastructure. Like it? https://buymeacoffee.com/endarochfov

元数据

Slug thelibrarian

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题

The Librarian 是什么？

Build and search lightweight quantized document indexes with TurboVec. Use when you need to create searchable indexes from documents for RAG applications wit... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 95 次。

如何安装 The Librarian？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install thelibrarian」即可一键安装，无需额外配置。

The Librarian 是免费的吗？

是的，The Librarian 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

The Librarian 支持哪些平台？

The Librarian 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 The Librarian？

由 Enda（@rochyroch）开发并维护，当前版本 v1.0.1。