📦 NirvanaLocal First
v0.1.1
OpenClaw plugin providing privacy-focused AI inference, with a built-in qwen2.5:7b model and support for smart routing, audit logging, and optional cloud fallback...
0 · 26 · 0 current · 0 cumulative
Security scan
OpenClaw
Safe
medium confidence
The plugin's files, instructions, and manifest are internally coherent with a local-first Ollama-based inference provider, but there are a few sensitive choices and a prompt-injection flag that warrant manual review before installing in production.
Assessment recommendations
This plugin appears to do what it claims: local-first routing via Ollama with context stripping and local audit logs. Before installing: 1) Verify the repository origin (the registry entry lists source as 'unknown' but docs reference a GitHub repo); confirm the GitHub repo and commit history are legitimate. 2) Inspect the ollama-manager.js and privacy-auditor.js files to ensure no undisclosed network endpoints or upload logic exist. 3) Run the plugin in an isolated environment (VM or disposable ...
✓ Purpose and capabilities
Name/description, manifest permissions, and code files (router, context-stripper, ollama-manager, privacy-auditor) align with a local-first inference plugin that manages Ollama, routes queries, strips context before cloud calls, and writes audit/metrics to local memory. No unrelated credentials or bizarre binaries are requested.
ℹ Instruction scope
Runtime instructions focus on starting an Ollama container, installing the plugin, and verifying health; they explicitly reference local audit/metrics files and backing up local models. This is consistent with the stated purpose, but the plugin will read and write local identity/memory files and instructs publishing artifacts to external services (GitHub/ClawHub/Google Drive) in the docs — those publication steps are administrative, not runtime, but you should review them if you expect zero external interactions.
ℹ Install mechanism
No install spec in the registry entry (instruction-only), but this is a code plugin with sources included; installation will place code on disk. It relies on standard public Docker images (ollama/ollama, qdrant, qdrant, falkordb) and Ollama auto-pulls models. There are no obscure or shortened URLs or private download hosts in the provided materials. Auto-pulling a multi-GB model from Ollama is expected but substantial (network + disk).
ℹ Credential requirements
The skill requests no external API keys by default, which fits the 'zero API keys' claim. The manifest explicitly grants read access to highly sensitive local files (SOUL.md, USER.md, MEMORY.md, session state) and write access to memory/* — this is proportionate for a privacy-enforcement plugin but is high-sensitivity access. Treat these local file reads as sensitive privileges and verify code paths that handle/export those contents (context-stripper and privacy-auditor are present and intended to constrain exports).
ℹ Persistence and privileges
always:false and normal hooks (on-query/on-response) are expected. The plugin declares execute permissions for 'docker' / 'ollama-api' so it can manage local containers, which is coherent for lifecycle management but increases attack surface (access to Docker and the host environment). No 'always: true' or hidden persistent backdoors were found in the provided materials.
Security is layered; review the code before running.
Runtime dependencies
No special dependencies
Versions
latest v0.1.1 2026/4/20
- Updated plugin-manifest.json.
- No functional or documentation changes to SKILL.md.
- Maintenance release only.
● Benign
Install command
Official: npx clawhub@latest install nirvana-plugin
Mirror (accelerated): npx clawhub@latest install nirvana-plugin --registry https://cn.longxiaskill.com