Security scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
This skill appears to do what it says (push/search OpenSearch) but there are important issues to verify before installing/using it:
- Metadata vs reality: the registry metadata does not list any required env vars, but the SKILL.md and quickstart.py require several credentials (OPENSEARCH_ENDPOINT, OPENSEARCH_INSTANCE_ID, OPENSEARCH_USERNAME, OPENSEARCH_PASSWORD, OPENSEARCH_DATASOURCE, etc.). Ask the publisher to correct metadata or document why credentials are omitted.
- Transport security: qu...
⚠ Purpose and capabilities
The SKILL.md and scripts clearly require OpenSearch connection credentials and configuration (OPENSEARCH_ENDPOINT, OPENSEARCH_INSTANCE_ID, OPENSEARCH_USERNAME, OPENSEARCH_PASSWORD, OPENSEARCH_DATASOURCE, etc.), which are appropriate for the described OpenSearch functionality. However, the registry metadata declares no required environment variables or primary credential — that mismatch is an incoherence that should be clarified before installation.
⚠ Instruction scope
Instructions stay within the stated purpose (install SDK, push documents, run HA/SQL searches). However: (1) the quickstart code sets protocol='http' (plaintext) for the client, which can expose credentials in transit; (2) the workflow asks agents to save 'key parameters' (region/resource id/time range) and artifacts to disk under an output directory — this is plausible for reproducibility but can lead to persistent sensitive artifacts if not handled carefully. The instructions also rely on environment variables that are not declared in metadata.
✓ Install mechanism
No install spec is embedded in the skill bundle (instruction-only). SKILL.md recommends installing the official-looking pip package alibabacloud-ha3engine in a venv. This is a standard, low-risk approach provided the package source/version is validated before install.
⚠ Credential requirements
The environment variables the skill needs (endpoint, instance id, username, password, datasource, pk field, optional cluster) are proportionate to the OpenSearch use case. But the metadata declaring 'Required env vars: none' is inconsistent with reality. Also OPENSEARCH_PASSWORD is a secret; the code's use of HTTP (not HTTPS) increases the risk of credential exposure in transit.
✓ Persistence and privileges
always is false and the skill does not request elevated platform privileges or permanent presence. It writes artifacts to an output/aliyun-opensearch-search directory per instructions, which is normal for a quickstart but should be treated as potentially sensitive storage.
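Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/4/1
● Benign
Install command
Official: npx clawhub@latest install aliyun-opensearch-search
Mirror (accelerated): npx clawhub@latest install aliyun-opensearch-search --registry https://cn.longxiaskill.com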