Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

flomo-crud-skill

v1.0.0

Query, insert, edit, and delete flomo memos through the flomo Web UI using Chrome MCP tools (no official API required). Use when a user wants CRUD operations...

by Zeeland @undertone0809
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (flomo Web CRUD via Chrome MCP) align with the instructions: the skill automates the flomo web UI and needs page reads/clicks and, in practice, in-page JS to reliably edit/delete. Asking to interact with the page DOM and extract memo_id from hrefs is coherent with the purpose. However, using internal Vue instance access (.__vue__) and calling component methods (e.g., onSubmit(), Memo.removeMemo(memo)) is a higher-privilege technique than simple DOM clicks — it's plausible for robustness but expands capabilities beyond ordinary UI automation.
Instruction Scope
SKILL.md and reference docs instruct the agent to execute JS inside the page and call framework internals (document.querySelector(...).__vue__, Memo.changeToEditMode(), Memo.removeMemo(memo)). Those instructions give the agent the ability to run arbitrary code in the user's logged-in browser context and access any data available there. The README also contains an installation sentence that asks the installer to 'report the installation path, configuration file path and validation results' back to the author — this would cause the agent to reveal local paths/validation output if followed. While these steps are explainable for robust automation, they materially increase the risk of reading or manipulating data beyond the stated memo CRUD scope.
Install Mechanism
No install spec or binary downloads are included in the skill bundle (instruction-only). That reduces supply-chain risk. The README suggests using external projects (hangwin/mcp-chrome and chrome-mcp-server) but does not embed or fetch code directly.
Credentials
The skill requests no environment variables, no credentials, and no config paths in its manifest. That is proportionate to a browser-automation-only skill. Caveat: the README's suggested installation step asks to report installation and config paths, which would expose local information if followed — this is not declared in the skill's manifest and therefore deserves caution.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. Autonomous invocation is allowed (platform default). Because the instructions run code in a logged-in browser session, an autonomously-invoked agent could perform actions within that session; combine that with the ability to execute in-page JS and the effective blast radius increases. The skill's own safety docs forbid persisting memo bodies, but that is a policy not a technical enforcement.
What to consider before installing
This skill is internally consistent with its goal (automating flomo via Chrome MCP) but includes instructions that execute JavaScript inside your logged-in browser and call framework internals (.__vue__ and component methods). Those actions are powerful and could access or modify anything available in that browser session. Before installing or running it:

  • Only use it with a browser profile you control and that does not contain other sensitive, unrelated sessions. Prefer a disposable or dedicated browser profile for this skill.
  • Inspect and control the MCP bridge implementation you run (hangwin/mcp-chrome or chrome-mcp-server); run those packages from trusted sources and review their code if possible.
  • Do not blindly copy the README install sentence to third-party agents: it requests that you 'report installation path and config file path' back to the author — avoid sending local filesystem paths or diagnostics to unknown remote actors.
  • Prefer interactive (user-in-the-loop) use for destructive actions and keep automatic deletion disabled unless you fully trust the skill and environment.
  • If you need only read/search functionality, restrict the agent to query-only runs (avoid granting edit/delete permissions) and test read operations first.

If you want higher assurance, request the concrete MCP commands the skill will run in your environment, or ask the author for a minimal, read-only mode that forbids executing component fallbacks (.__vue__/Memo.*) and only uses safe DOM reads/clicks.

SKILL.md

Flomo Web CRUD

Overview

Use Chrome MCP tools to operate on live flomo memos at https://v.flomoapp.com/mine.

This skill is for Web UI automation only. It does not depend on flomo official APIs.

Default behavior (v1):

  • Full CRUD (query/search, create/insert, edit, delete)
  • Text search first, but lock a target by memo_id before write actions
  • edit defaults to full content replacement (replace)
  • delete always requires explicit second confirmation
  • Auto deep scan for search with default cap of 50 memos
  • Minimal logging (do not persist memo body text)

Preconditions

  • User is already logged in to flomo Web in Chrome
  • Chrome MCP is available and working in this Codex session
  • Prefer desktop layout (wide viewport). Mobile layout is best-effort only.

Use This Skill When

  • The user asks to search or find live flomo memos
  • The user asks to insert/create a flomo memo in their real account
  • The user asks to edit/update an existing flomo memo
  • The user asks to delete a flomo memo and accepts confirmation steps

Do Not Use This Skill When

  • The user only wants to process exported flomo HTML/archives (use flomo-memo-to-markdown instead)
  • The user asks for batch operations across many memos (not v1)
  • The user asks for attachment upload/edit support (not v1)

Default Workflow (High Level)

  1. Confirm Chrome MCP connectivity and switch to the flomo tab (or navigate to flomo).
  2. For query/edit/delete, run search workflow and build memo candidates from visible memo cards/links.
  3. If needed, deep-scan by scrolling and repeating reads up to the scan cap.
  4. For write operations, lock the target by memo_id and present a confirmation step.
  5. Execute UI actions with chrome_read_page refs first; refresh refs if they expire.
  6. Validate the result by re-reading the page and summarizing the outcome.

Safety Rules (Must Follow)

  • delete: Always require explicit second confirmation before actual deletion.
  • edit via text search: Require candidate confirmation before writing.
  • Do not persist memo body text to local files.
  • If target UI controls cannot be located reliably, stop and report a recoverable failure instead of guessing.

Tool Priority

Use mcp-chrome-global Chrome MCP tools in this order of preference:

  1. chrome_switch_tab / chrome_navigate
  2. chrome_read_page (structured refs)
  3. chrome_get_web_content (fast visible text read)
  4. chrome_click_element, chrome_fill_or_select, chrome_keyboard
  5. chrome_screenshot (debugging / visual confirmation)
  6. chrome_computer (coordinate fallback, minimal use)
  7. chrome_request_element_selection (human-in-the-loop fallback after repeated failures)

Intent Mapping

query/search

Return candidate memos with:

  • memo_id
  • visible timestamp text
  • short snippet
  • match reason

create/insert

Insert a new memo through the top editor and report success with best-effort new memo_id detection.

edit

Default mode is replace (replace full memo body). append/prepend are reserved optional modes and may be unsupported in v1 unless explicitly implemented during the run.

delete

Delete a single target memo only after the user confirms the selected candidate.

Candidate / Action / Result Shapes

Use these internal conventions in responses and reasoning (no code API required):

MemoCandidate

  • memo_id: string
  • timestamp_text: string
  • snippet: string
  • match_reason: string
  • score?: number

ActionPlan

  • action: query | create | edit | delete
  • target_query?: string
  • target_memo_id?: string
  • edit_mode?: replace | append | prepend
  • scan_limit: number (default 50)
  • requires_confirmation: boolean

ActionResult

  • success: boolean
  • action: string
  • memo_id?: string
  • matched_count?: number
  • message: string
  • warnings?: string[]
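
The safety rules and the ActionPlan shape above can be enforced as a pre-execution gate instead of being left to agent policy alone. The following is an added example, not part of the skill or its author's code; `check_plan`, `log_record` and the confirmation labels `candidate` and `final` are assumed names, and the memo id in any call is a constructed value.

```python
# Added example: pre-execution gate for the ActionPlan shape in SKILL.md.
# check_plan, log_record and the confirmation labels are hypothetical names.
DEFAULT_SCAN_LIMIT = 50
ACTIONS = {"query", "create", "edit", "delete"}
WRITE_ON_EXISTING = {"edit", "delete"}


def check_plan(plan, confirmations=frozenset(), scan_cap_approved=False):
    """Return a list of rule violations; an empty list means the plan may run.

    confirmations: explicit user confirmations collected so far, using the
    assumed labels "candidate" (target memo chosen) and "final" (the second,
    delete-only confirmation).
    """
    errors = []
    action = plan.get("action")
    if action not in ACTIONS:
        return [f"unknown action: {action!r}"]
    if action in WRITE_ON_EXISTING:
        # Text search only finds candidates; writes must be locked to one memo_id.
        if not plan.get("target_memo_id"):
            errors.append("write action without target_memo_id")
        if plan.get("target_query") and "candidate" not in confirmations:
            errors.append("text-search target not confirmed by user")
    if action == "delete" and "final" not in confirmations:
        errors.append("delete without explicit second confirmation")
    if action == "edit" and plan.get("edit_mode", "replace") != "replace":
        errors.append("edit_mode other than replace is reserved in v1")
    limit = plan.get("scan_limit", DEFAULT_SCAN_LIMIT)
    if isinstance(limit, bool) or not isinstance(limit, int) or limit < 1:
        errors.append("scan_limit must be a positive integer")
    elif limit > DEFAULT_SCAN_LIMIT and not scan_cap_approved:
        errors.append("scan_limit above default needs user approval")
    return errors


def log_record(result):
    """Minimal logging: keep only ActionResult metadata. Free-text fields
    (message, warnings, snippets) are dropped because they could quote memo
    body text, which must not be persisted."""
    keep = ("success", "action", "memo_id", "matched_count")
    return {k: result[k] for k in keep if k in result}
```

Running the gate outside the model's own reasoning means a plan that skips a confirmation is rejected even if the agent was steered by page content.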

Follow-Up Questions (Ask Only When Needed)

Ask only if it changes the action materially:

  • Multiple candidates match and a write action is requested
  • The user did not provide new content for create or edit
  • The user wants a scan cap larger than the default 50
  • The page layout is mobile or controls cannot be found reliably
  • A destructive action (delete) reaches the final confirmation point

References

  • Workflow details: references/workflows.md
  • UI locator strategy and fallback policy: references/ui-locators.md
  • Safety and logging policy: references/safety.md
  • Validation checklist: references/test-checklist.md
