📦 Hi Lite — Kindle金句速览
v1.0.0一键搜索、浏览并重新发现你的 Kindle 高亮标注,支持全文检索与标签管理,让阅读笔记秒变知识库。
0· 468·0 当前·0 累计
by 下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill appears to do what it says for local importing and searching of Kindle highlights, but there are important caveats: (1) The package is instruction-only and contains no import/fetch scripts — the README's "Auto-Fetch from Amazon" flow and GitHub install instructions refer to external code you would need to download and run yourself. Don't run pip install or clone/run code from the internet unless you inspect the repository first. (2) Auto-fetching requires logging into Amazon in a brow...详细分析 ▾
ℹ 用途与能力
The declared purpose (import/search Kindle highlights locally) matches the instructions to read/write files under ~/.openclaw/workspace/hi-lite/. However the README documents an 'Auto-Fetch from Amazon' feature and gives GitHub clone/install options that imply external code (Python + Playwright) which are not included in this registry package. That is an inconsistency: the skill advertises functionality that requires additional tooling or external repo code not bundled here.
ℹ 指令范围
Runtime instructions are scoped to the user's workspace directory and parsing of user-provided highlight files — appropriate for the stated purpose. The instructions also recommend adding the highlights directory to the agent's memorySearch.extraPaths (optional) and describe an auto-fetch workflow that will require a real browser login/session; the skill does not clearly state where session cookies or fetched data are stored or how they are protected. The fetch/login guidance raises a privacy surface (saving an authenticated session) that is not fully explained.
ℹ 安装机制
This is instruction-only (no install spec) which is low-risk. The README nonetheless suggests pip installing Playwright and cloning a GitHub repo; because no install spec or code files are bundled, the README's install/fetch steps are external actions the user must perform themselves. That mismatch is a clarity/usability issue and a potential risk if users blindly follow commands to fetch/run third-party code without inspecting it.
✓ 凭证需求
The skill does not request environment variables, credentials, or config paths in the registry metadata. Its declared local filesystem access (creating and reading files under ~/.openclaw/workspace/hi-lite/) is proportionate to its purpose. Note: the described Amazon auto-fetch requires a logged-in browser session (credentials entered by the user) and saving that session; although not requested via env vars, that behavior can expose account session cookies if an external script is used — the package does not explain where/how sessions are stored.
✓ 持久化与权限
The skill does not request always:true and is user-invocable only. It does suggest (optionally) adding the highlights directory to memorySearch.extraPaths to enable semantic search, which requires modifying the user's OpenClaw config if they opt in. That is a user-controlled change and not an elevated privilege by itself.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/23
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install hi-lite
镜像加速npx clawhub@latest install hi-lite --registry https://cn.longxiaskill.com镜像同步中