The skill appears to do what it says (a local-first vault driven by the SwarmVault CLI); its requirements and instructions are generally coherent, with a few minor mismatches and privacy-sensitive behaviors to be aware of.
评估建议
This skill is a wrapper for the SwarmVault CLI and is internally consistent with that purpose. Before installing:
- Confirm you trust the npm package @swarmvaultai/cli (review the project/release source and package publisher). Global npm installs run code on your machine.
- Audit what you plan to ingest: SwarmVault intentionally captures many local file types (including .env, mailboxes, exports). Do not ingest directories containing secrets, credentials, or private keys you don't want stored in ...
详细分析 ▾
✓用途与能力
Name and description match the runtime instructions and the declared install: the skill is an instruction wrapper for the SwarmVault CLI and expects a 'swarmvault'/'vault' binary or the npm-installed @swarmvaultai/cli. No unrelated credentials or unrelated binaries are requested.
ℹ指令范围
SKILL.md and bundled docs instruct the agent to run many swarmvault commands that read and write a broad set of local paths (wiki/, state/, raw/, ~/.swarmvault/models/, etc.) and to ingest arbitrary files and URLs. This is consistent with a local vault but is privacy-sensitive because the tool explicitly ingests structured config files (including .env) and other personal exports. The docs also reference an environment variable (SWARMVAULT_WHISPER_BINARY) and home-model paths not declared in requires.env.
✓安装机制
Install is via an npm package (@swarmvaultai/cli) which will create the expected binaries. This is a typical, traceable install method for a CLI. There are no opaque direct-download URLs in the skill's install spec. The README does reference 'swarmvault provider setup --local-whisper --apply' which may download models at runtime (outside the skill installer) — that behavior is part of the CLI, not the skill bundle.
ℹ凭证需求
The skill declares no required environment variables, which is reasonable for a local-first tool. However the docs reference environment variables (e.g., SWARMVAULT_WHISPER_BINARY) and recommend wiring external providers (OpenAI, Ollama, Anthropic, etc.) that will require API keys. The presence of references to .env ingestion and provider keys is expected for this kind of tool, but the SKILL.md does not declare or limit those envs — users should be aware that secrets can be incorporated into the vault if ingested.
✓持久化与权限
always:false and normal autonomous invocation settings are used. The skill does not request elevated persistent platform privileges and does not declare changes to other skills or global agent settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.1.02026/4/7
Added a local-Whisper audio provider — `providers.<id>.type = "local-whisper"` shells out to a user-installed `whisper.cpp` binary and exposes the `audio` capability only, so voice memos, meetings, and arbitrary `.wav`/`.mp3`/`.m4a`/`.flac`/`.ogg`/`.webm` files transcribe end-to-end with no API keys and no network traffic; binary discovery falls back through `localWhisper.binaryPath`, `SWARMVAULT_WHISPER_BINARY`, and `$PATH` lookups for `whisper-cli` / `whisper-cpp` / `whisper`, and the configurable `model`, `binaryPath`, `modelPath`, `extraArgs`, and `threads` fields on the provider entry are forwarded through to the binary; the provider is documented as **experimental** in `STABILITY.md`; Added `swarmvault provider setup --local-whisper` — an interactive subcommand that reports whisper.cpp binary status, downloads the configured ggml model (`base.en` by default, `--model {tiny.en,small.en,medium.en,large-v3}` to switch tiers) from the canonical `ggerganov/whisper.cpp` Hugging Face mirror into `~/.swarmvault/models/`, and registers the provider in `swarmvault.config.json` (setting `tasks.audioProvider = "local-whisper"` when no audio provider was previously configured, or leaving an existing assignment alone unless `--set-audio-provider` is passed); `--apply` skips prompts for CI / scripted installs, and `--json` emits a structured status without prompting or downloading; Audio sources are now accepted through the inbox importer alongside the existing document and image kinds — drop a voice memo into `raw/inbox/` (or a watched root) and the watcher, inbox scanner, and `swarmvault add` all route it through the configured audio provider; transcribed text flows through the same ingest-time redactor as every other derived text, so secrets spoken aloud in a meeting are scrubbed before they reach `raw/` or `wiki/`
by