← 返回 Skills 市场
580
总下载
2
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install worldbook
功能描述
AI's Knowledge Base CLI - Query and manage world knowledge for AI agents. Use when users want to search knowledge, add knowledge sources, or interact with th...
安全使用建议
This skill is plausible for its stated purpose but has two practical risks you should consider before installing/using it: (1) The SKILL.md assumes and recommends installing a third‑party 'worldbook' CLI from PyPI/npm/GitHub, yet the skill metadata doesn't declare that dependency — verify the package and repository (author, release history, source code) before running any install. (2) The skill instructs agents to fetch external 'worldbook' documents and inject them into agent context; treat such external instructions as untrusted input. If you deploy this skill, restrict the agent from auto-installing packages or auto‑executing fetched instructions, run installs in a sandbox, review worldbook content before injection, and prefer pinned package versions or vetted sources. If you want to proceed, ask the publisher for the official package name, repository verification (checksums/signatures), and a declared required-binary/install spec in the metadata to remove the coherence gap.
功能分析
Type: OpenClaw Skill
Name: worldbook
Version: 0.1.0
The `SKILL.md` describes a core functionality where the AI agent is instructed to fetch 'instructions for AI' from an external source (via `worldbook get <name>`) and then explicitly 'inject it into your context'. This design pattern creates a severe prompt injection vulnerability, as it allows arbitrary, externally controlled instructions to be executed by the AI agent. While the stated purpose is benign ('learn how to use the service'), this mechanism provides a direct channel for an attacker to compromise the agent's behavior if the external 'worldbook' content source is compromised, leading to potential unauthorized actions or data exfiltration.
能力评估
Purpose & Capability
The skill is marketed as a CLI-first knowledge-base (worldbook) but the registry metadata declares no required binaries or install steps. SKILL.md assumes a worldbook CLI exists (and shows pip/npm/git install commands). Not declaring the CLI binary or an install spec in the skill metadata is an incoherence: either the skill should include/declare the CLI or it should be explicit that the skill is instruction-only and won't function without a separately installed package.
Instruction Scope
Runtime instructions tell agents to run 'worldbook get' and to 'inject' returned text into context. That means the agent will fetch and absorb arbitrary external instructions/text; the SKILL.md also recommends installing packages from PyPI/npm or cloning a GitHub repo. These steps can cause an agent to fetch and execute untrusted code or to incorporate unvetted instructions that could lead to undesired actions. The instructions do not include safety constraints or validation steps for external worldbook content.
Install Mechanism
There is no install spec in the skill metadata, but SKILL.md recommends installing 'worldbook' via pip, npm, or a git clone (https://github.com/femto/worldbook-cli). Suggesting package installs from public registries is common, but because the skill metadata omitted this dependency, it's not clear whether the platform or the user is expected to vet or sandbox those installs. Installing third-party CLI packages can execute arbitrary code on the host — the skill gives direct install commands without provenance/verification guidance.
Credentials
The skill declares no required environment variables, credentials, or config paths. There are no mismatched or excessive secret requests in the metadata or SKILL.md.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It uses default autonomous-invocation behavior (normal). The skill does not declare changes to other skills or system-wide config.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install worldbook - 安装完成后,直接呼叫该 Skill 的名称或使用
/worldbook触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
worldbook 0.1.0 initial release
- Introduces a CLI tool for querying and managing a shared AI knowledge base.
- Allows agents to search for, fetch, and add worldbook entries via simple commands.
- Provides installation options for Python and Node.js.
- Focuses on a CLI-first approach—enabling structured, machine-readable information for AI agents.
- Includes examples and usage philosophy in the initial documentation.
元数据
常见问题
Worldbook 是什么?
AI's Knowledge Base CLI - Query and manage world knowledge for AI agents. Use when users want to search knowledge, add knowledge sources, or interact with th... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 580 次。
如何安装 Worldbook?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install worldbook」即可一键安装,无需额外配置。
Worldbook 是免费的吗?
是的,Worldbook 完全免费(开源免费),可自由下载、安装和使用。
Worldbook 支持哪些平台?
Worldbook 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Worldbook?
由 femto(@femto)开发并维护,当前版本 v0.1.0。
推荐 Skills