← 返回 Skills 市场
648
总下载
0
收藏
2
当前安装
3
版本数
在 OpenClaw 中安装
/install x-knowledge-base
功能描述
自動收集 X 書籤並轉化為 Obsidian 知識庫,配備 AI 濃縮與交叉連結功能,支援自我進化趨勢分析
安全使用建议
Key things to consider before installing:
- Metadata mismatch: The registry says no required env vars/binaries, but the SKILL.md and scripts require BIRD_AUTH_TOKEN and BIRD_CT0 and expect bird CLI, curl, and Python. Confirm these requirements and failure modes before installing.
- Privacy / data exfiltration: The skill sends bookmark/article URLs and full text to external services (r.jina.ai for fetching page content and the MiniMax endpoint for summarization). If your bookmarks contain private or sensitive content, that content will be transmitted to third parties. Only provide API keys/tokens if you trust those services and accept that data flow.
- Token scope and handling: BIRD tokens grant access to your X/Twitter account bookmarks—treat them like passwords. Provide the minimal-privilege tokens and avoid running the skill on a shared account or host you don't control.
- Default paths and filesystem access: Scripts use hardcoded defaults under /home/ubuntu/clawd/..., which may read/write many files in that tree. Consider running in an isolated environment (container or dedicated user) and override SOURCE_DIR/BOOKMARKS_DIR/OBSIDIAN_DIR to safe locations.
- Optional API keys: You can skip AI summarization by leaving MINIMAX_API_KEY unset (scripts check for this), reducing external calls.
- Inspect and test locally: Because code is bundled, review or run the scripts in a safe environment first. Pay attention to the Jina URL variants in docs vs scripts (they differ slightly) and test with non-sensitive bookmarks.
If you want to proceed, run the skill in an isolated VM/container, set explicit target directories, and avoid providing API keys until you verify behavior with dummy data.
功能分析
Type: OpenClaw Skill
Name: x-knowledge-base
Version: 1.0.2
The skill is classified as suspicious due to several security vulnerabilities and risks, rather than clear malicious intent. Sensitive environment variables (`BIRD_AUTH_TOKEN`, `BIRD_CT0`) are passed directly as command-line arguments in `scripts/fetch_bookmarks.sh`, making them potentially visible in process lists. The skill also heavily relies on external third-party services (Jina AI, MiniMax API, Brave Search API) and an external CLI tool (`bird CLI`), introducing significant supply chain risks. While the skill's stated purpose is benign, these practices represent security flaws that could be exploited.
能力评估
Purpose & Capability
The code and docs implement bookmark collection, article fetching, AI summarization, cross-linking, and trend analysis which match the description. However the registry metadata claims no required environment variables or binaries while the SKILL.md/scripts require BIRD_AUTH_TOKEN/BIRD_CT0 and tools (bird CLI, curl, python3). That mismatch is incoherent and should have been declared.
Instruction Scope
Runtime instructions and scripts read and write Markdown bookmark files under default paths (e.g. /home/ubuntu/clawd/memory/bookmarks and ~/clawd/obsidian-vault), call external endpoints (r.jina.ai for full-text fetching and the MiniMax API for summarization), and store trend JSON files. These actions are within the skill's stated purpose, but they will transmit bookmark/article content to third-party services (Jina, MiniMax), which is a privacy/exfiltration risk the user must accept explicitly.
Install Mechanism
No install spec is provided (instruction-only install), so nothing is auto-downloaded during installation. Code files are bundled with the skill and will run on the host. The lack of an install step reduces supply-chain risk, but bundled scripts assume availability of system tools (bird, curl, python3) that are not declared in the registry metadata.
Credentials
The SKILL.md and scripts require BIRD_AUTH_TOKEN and BIRD_CT0 (Twitter/bird CLI auth) and optionally MINIMAX_API_KEY; those are appropriate for the stated functionality. However the registry metadata lists no required env vars, which is inconsistent. Also supplying the MiniMax key (or using Jina proxy) will send bookmark/article contents to third-party services — this is proportionate only if you accept that external transmission of your bookmarked content is intended.
Persistence & Privilege
The skill does not request always: true and does not modify other skills. It writes files into user-level directories (~/clawd/...), creates trends JSON, and updates bookmarks — this is expected for a knowledge-base tool, but be aware of the default hardcoded paths that may need changing.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install x-knowledge-base - 安装完成后,直接呼叫该 Skill 的名称或使用
/x-knowledge-base触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Security patch: remove hardcoded secrets, env-based config, robust API field handling
v1.0.1
新增 scripts: fetch_bookmarks, fetch_article, save_obsidian
v1.0.0
x-knowledge-base 1.0.0
- 初始版本:將 X (Twitter) 書籤自動轉化為 Obsidian Markdown 知識庫
- 支援一鍵批次擷取書籤並抓取完整原文
- 提供 AI 濃縮:自動產生摘要、重點、應用場景
- 標籤自動交叉連結,方便知識庫串連
- 具備自我進化趨勢分析:動態追蹤標籤、偵測新興趨勢,並自動調整推薦與關鍵字
- 支援多 API 整合(Twitter, Brave Search, Jina AI, MiniMax)
元数据
常见问题
X Knowledge Base 是什么?
自動收集 X 書籤並轉化為 Obsidian 知識庫,配備 AI 濃縮與交叉連結功能,支援自我進化趨勢分析. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 648 次。
如何安装 X Knowledge Base?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install x-knowledge-base」即可一键安装,无需额外配置。
X Knowledge Base 是免费的吗?
是的,X Knowledge Base 完全免费(开源免费),可自由下载、安装和使用。
X Knowledge Base 支持哪些平台?
X Knowledge Base 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 X Knowledge Base?
由 Hidicence(@hidicence)开发并维护,当前版本 v1.0.2。
推荐 Skills