The skill is vulnerable to prompt injection.
Claims to do
书搭子 (Book Buddy) - the AI reading companion that knows you best:

- **Data localization**: All of this skill's user profiles, book content, reading notes, and conversation records are stored in the `~/book-companion-library/` folder under the user's working directory. **All data is 100% local and is never uploaded to third-party servers.**
- **Transparent tool invocation**:
  - All speech processing (TTS) and document recognition (OCR) used by this skill are **OpenClaw's built-in secure tools**.
  - Book information and internet data scraping are performed through **OpenClaw's restricted browser tool (autoglm-browser-agent)**.
- **On-demand execution**: This skill runs in **On-Demand (triggered on request)** mode. Features such as the "daily digest" must be triggered manually by the user through a `cron` task.
- **Privacy control**: Users can manually delete the `~/book-companion-library/` folder at any time to completely erase all personal data.
Actually does
This skill stores user profiles, book content, reading notes, and conversation records locally in the `~/book-companion-library/` directory. It uses OpenClaw's built-in tools for text-to-speech (TTS) and optical character recognition (OCR), and employs OpenClaw's `autoglm-browser-agent` to scrape internet data and retrieve book information from external websites.
`openclaw skills install ai-innopower/book-companion`

DeBERTa classifier detected prompt injection (confidence: 0.97)
The skill allows users to update the agent's profile and reset its persona via instructions, which could be abused to manipulate its core reasoning, biases, or stored information (memory).
Users can instruct 书搭子 (Book Buddy) at any time to update its profile or reset its persona.
All user data (profiles, book content, notes, chat history) is stored in a well-known local directory (`~/book-companion-library/`), making it a potential target for local manipulation or exfiltration if the agent's local environment is compromised.
All user profiles, book content, reading notes, and conversation records are stored in the `~/book-companion-library/` folder under the user's working directory.
The skill claims "All data 100% localized" and "absolutely no upload to third-party servers," implying complete data isolation. However, it explicitly uses an `autoglm-browser-agent` for "internet data scraping" and "book information," which inherently involves contacting and retrieving data from external, third-party servers. While user data might not be uploaded, the "100% localized" claim is misleading regarding data origin and external connectivity.
Stated: "All data is 100% local and is never uploaded to third-party servers." Actual: "Book information and internet data scraping are performed through OpenClaw's restricted browser tool (autoglm-browser-agent)."