📦 Aliyun Opensearch Search — 阿里云向量搜索

v1.0.0

通过 Python SDK(ha3engine)调用阿里云 OpenSearch 向量版,一键推送文档并执行 HA/SQL 向量检索,为 RAG、语义搜索场景提供毫秒级召回能力。

0· 78·0 当前·0 累计
下载技能包
最后更新
2026/4/1
0
安全扫描
VirusTotal
无害
查看报告
OpenClaw
可疑
medium confidence
NULL
评估建议
This skill appears to do what it says (push/search OpenSearch) but there are important issues to verify before installing/using it: - Metadata vs reality: the registry metadata does not list any required env vars, but the SKILL.md and quickstart.py require several credentials (OPENSEARCH_ENDPOINT, OPENSEARCH_INSTANCE_ID, OPENSEARCH_USERNAME, OPENSEARCH_PASSWORD, OPENSEARCH_DATASOURCE, etc.). Ask the publisher to correct metadata or document why credentials are omitted. - Transport security: qu...
详细分析 ▾
用途与能力
The SKILL.md and scripts clearly require OpenSearch connection credentials and configuration (OPENSEARCH_ENDPOINT, OPENSEARCH_INSTANCE_ID, OPENSEARCH_USERNAME, OPENSEARCH_PASSWORD, OPENSEARCH_DATASOURCE, etc.), which are appropriate for the described OpenSearch functionality. However, the registry metadata declares no required environment variables or primary credential — that mismatch is an incoherence that should be clarified before installation.
指令范围
Instructions stay within the stated purpose (install SDK, push documents, run HA/SQL searches). However: (1) the quickstart code sets protocol='http' (plaintext) for the client, which can expose credentials in transit; (2) the workflow asks agents to save 'key parameters' (region/resource id/time range) and artifacts to disk under an output directory — this is plausible for reproducibility but can lead to persistent sensitive artifacts if not handled carefully. The instructions also rely on environment variables that are not declared in metadata.
安装机制
No install spec is embedded in the skill bundle (instruction-only). SKILL.md recommends installing the official-looking pip package alibabacloud-ha3engine in a venv. This is a standard, low-risk approach provided the package source/version is validated before install.
凭证需求
The environment variables the skill needs (endpoint, instance id, username, password, datasource, pk field, optional cluster) are proportionate to the OpenSearch use case. But the metadata declaring 'Required env vars: none' is inconsistent with reality. Also OPENSEARCH_PASSWORD is a secret; the code's use of HTTP (not HTTPS) increases the risk of credential exposure in transit.
持久化与权限
always is false and the skill does not request elevated platform privileges or permanent presence. It writes artifacts to an output/aliyun-opensearch-search directory per instructions, which is normal for a quickstart but should be treated as potentially sensitive storage.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/4/1

NULL

无害

安装命令

点击复制
官方npx clawhub@latest install aliyun-opensearch-search
镜像加速npx clawhub@latest install aliyun-opensearch-search --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库