Yuque
Manage Yuque (语雀) knowledge base documents and repositories. Use when users need to interact with Yuque for document operations including reading documents,...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 32 · 1 current installs · 1 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the code and SKILL.md: the skill is a Yuque API client for reading, listing, creating and updating docs. However the registry metadata lists no required environment variables or primary credential while both SKILL.md and the included CLI require a YUQUE_TOKEN environment variable. That mismatch is an incoherence (the token is expected for the stated purpose).
Instruction Scope
SKILL.md instructs only to call Yuque API endpoints (X-Auth-Token header) and to use helper scripts. The included scripts/yuque_cli.py performs only Yuque API calls to https://www.yuque.com/api/v2 and reads YUQUE_TOKEN. But SKILL.md references scripts (scripts/parse_yuque.py, scripts/search_yuque.py) and references/examples.md that are not present in the file manifest — instructions point to files that are missing, which is an inconsistency to resolve before use.
Install Mechanism
There is no install spec (instruction-only with a small Python script). Nothing is downloaded or extracted from external URLs; the CLI uses only the Python standard library. This is low-install risk.
Credentials
The skill requires a Yuque API token (YUQUE_TOKEN) according to SKILL.md and the CLI, but the registry metadata did not declare any required env vars or a primary credential. A secret token is necessary and appropriate for the stated functionality, but the omission in metadata is a red flag: it may cause unexpected behavior or confusion about what will be accessed. No other credentials are requested.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. It is user-invocable and can run autonomously (platform default). No code modifies other skills or system config.
What to consider before installing
This skill appears to implement a straightforward Yuque API client, but there are coherence issues you should resolve before installing:
- Provide a YUQUE_TOKEN: the CLI and SKILL.md require YUQUE_TOKEN, but the registry metadata omitted it. Treat YUQUE_TOKEN as a secret and create a token with the minimum required scope.
- Missing helper files: SKILL.md mentions scripts/parse_yuque.py, scripts/search_yuque.py and references/examples.md that are not included. Ask the publisher for the missing files or remove references before relying on those workflows.
- Review the included script: scripts/yuque_cli.py uses only the Python standard library and calls only https://www.yuque.com/api/v2. Confirm there are no hardcoded alternate endpoints if you need greater assurance.
- If you do not trust the publisher or cannot obtain the missing files, avoid supplying your Yuque token. Consider requesting updated metadata that correctly lists required environment variables (primaryEnv = YUQUE_TOKEN) and a complete file manifest.
I have medium confidence in this assessment because the code visible is benign and coherent with the stated purpose, but the metadata/instruction mismatches and missing helper scripts create ambiguity that should be clarified before use.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Yuque Skill
Interact with Yuque (语雀) knowledge base platform via the Yuque Open API.
Prerequisites
- Yuque API Token (stored in environment variable
YUQUE_TOKEN) - Base URL:
https://www.yuque.com/api/v2
Authentication
All API requests require an X-Auth-Token header with your Yuque token.
Core Workflows
1. Get User Info
curl -s -H "X-Auth-Token: $YUQUE_TOKEN" https://www.yuque.com/api/v2/user
2. List User Repositories
curl -s -H "X-Auth-Token: $YUQUE_TOKEN" https://www.yuque.com/api/v2/users/<login>/repos
3. List Repository Documents
curl -s -H "X-Auth-Token: $YUQUE_TOKEN" https://www.yuque.com/api/v2/repos/<namespace>/docs
4. Get Document Detail
curl -s -H "X-Auth-Token: $YUQUE_TOKEN" https://www.yuque.com/api/v2/repos/<namespace>/docs/<slug>
5. Get Document Content (HTML/Markdown)
# Get HTML content
curl -s -H "X-Auth-Token: $YUQUE_TOKEN" https://www.yuque.com/api/v2/repos/<namespace>/docs/<slug>?raw=1
# Get Markdown content
curl -s -H "X-Auth-Token: $YUQUE_TOKEN" https://www.yuque.com/api/v2/repos/<namespace>/docs/<slug>?raw=1 | python scripts/parse_yuque.py --format md
6. Create Document
curl -s -X POST \
-H "X-Auth-Token: $YUQUE_TOKEN" \
-H "Content-Type: application/json" \
-d '{"title": "Document Title", "body": "Document content in Markdown"}' \
https://www.yuque.com/api/v2/repos/<namespace>/docs
7. Update Document
curl -s -X PUT \
-H "X-Auth-Token: $YUQUE_TOKEN" \
-H "Content-Type: application/json" \
-d '{"title": "New Title", "body": "Updated content"}' \
https://www.yuque.com/api/v2/repos/<namespace>/docs/<id>
8. Search Documents
Yuque API doesn't have a direct search endpoint. Use list + filter approach:
# List all docs in a repo and filter by title
python scripts/search_yuque.py --namespace <namespace> --query "keyword"
Common Namespace Formats
- Personal repo:
username/repo-slug - Team repo:
teamname/repo-slug
Response Format
All API responses are JSON with this structure:
{
"data": { ... },
"meta": { ... }
}
Error Handling
Common HTTP status codes:
401: Unauthorized (check token)403: Forbidden (no permission)404: Resource not found429: Rate limited (wait and retry)
Helper Scripts
Use the provided Python scripts for common operations:
scripts/yuque_cli.py- Full CLI for Yuque operationsscripts/parse_yuque.py- Parse Yuque HTML to Markdownscripts/search_yuque.py- Search documents in repositories
References
- API Documentation: See references/api.md
- Common Operations: See references/examples.md
Files
3 totalSelect a file
Select a file to preview.
Comments
Loading comments…