ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wolai Mcp Skill

通过 wolai MCP 协议操作 wolai 笔记(MCP 版本)。支持读取页面/大纲/块内容、创建/删除/更新文档、搜索文档、Section 级编辑、块级精确操作、多栏布局等。比 API 版本功能更强大,支持删除、修改、搜索等 API 版本不支持的操作。当用户配置了 WOLAI_MCP_TOKEN 时优先使用...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 40 · 0 current installs · 0 all-time installs
by花渡@cizixiu
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (operate Wolai via the MCP endpoint) matches the PowerShell code that POSTs to https://api.wolai.com/v1/mcp and the listed operations (create/read/update/delete/search). Requiring a Wolai MCP token is appropriate for the functionality. However, the registry metadata lists no required environment variables/credentials, which is inconsistent with the runtime instructions.
!
Instruction Scope
SKILL.md contains a concrete PowerShell function (Invoke-WolaiMcp) that sends requests to Wolai and reads $env:WOLAI_MCP_TOKEN. It also tells the AI to '自动写入 WOLAI_MCP_TOKEN 环境变量' (automatically write the token). That instructs the agent to create/modify an environment variable holding a bearer token — a scope-expanding action that should be explicit in metadata and limited by user consent. Other than the token and calls to the Wolai MCP endpoint, the instructions do not reference unrelated files or endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no code files executed by the platform; nothing is downloaded or installed by the skill metadata itself, which reduces installer risk.
!
Credentials
The skill requires a long-lived bearer token (prefixed 'sk-') to operate. The manifest failed to declare this required credential (requires.env is empty), yet the runtime pre-check and code expect WOLAI_MCP_TOKEN. Asking the agent to automatically store such a token without declaring it or explaining storage/rotation/permissions is disproportionate and a transparency issue. A bearer token would permit broad access to the user's Wolai notes, so least-privilege and secure handling are important.
Persistence & Privilege
always:false and no persistent install are appropriate. The skill is allowed to be invoked autonomously by the agent (platform default); combined with access to a long-lived account token this raises the blast radius if misused. This is not grounds for rejection by itself but is relevant to risk decisions.
What to consider before installing
Before installing: (1) Confirm with the skill author why the manifest omits WOLAI_MCP_TOKEN — the runtime clearly needs it and the metadata should declare the required credential. (2) Do not paste or allow automatic storage of your permanent Wolai token unless you fully trust the skill source; prefer creating a limited-scope or temporary token and rotating it after use. (3) Ask how/where the agent will store the token (ephemeral vs persistent, encrypted). (4) Consider running the skill in an isolated account or environment and monitor Wolai account activity for unexpected changes. (5) If you proceed, request the author update the skill metadata to list WOLAI_MCP_TOKEN as a required credential and document token scope and storage behavior. If the author cannot clarify, treat the omission as a red flag and avoid installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk97dav6qq73rtq80p3c3ymgfwd835xr5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

wolai MCP Skill

通过 wolai 官方 MCP 协议操作笔记,功能全面,支持读取、写入、搜索、删除、修改等所有操作。

MCP 服务地址:https://api.wolai.com/v1/mcp

Setup

1. 获取 MCP Token

  1. 打开 wolai 笔记https://www.wolai.com),登录你的账号
  2. 点击左上角消息箱图标右侧的三个小圆点图标→个人设置
  3. 在设置面板中左边栏找到并点击**「MCP 接入」**
  4. 面板中已经标注了MCP 服务地址:https://api.wolai.com/v1/mcp
  5. 点击右上角创建Token按钮,创建后复制Token令牌字符串

⚠️ 注意:Token 是以 sk- 开头的长字符串

2. 配置环境变量

告诉 AI 助手:

「帮我配置 wolai MCP Token,Token 是 sk-xxxxxx」

AI 会自动写入 WOLAI_MCP_TOKEN 环境变量。

安装完成后的首次使用

首次使用技能时,AI 会检查是否已配置 MCP Token。如果没有配置,会提示你按上述步骤获取并配置 Token。

凭证预检

if (-not $env:WOLAI_MCP_TOKEN) {
    Write-Host "缺少 WOLAI_MCP_TOKEN,请按 Setup 步骤配置"
    exit 1
}

核心调用函数

function Invoke-WolaiMcp {
    param(
        [string]$Tool,
        [hashtable]$Args = @{}
    )
    [Console]::OutputEncoding = [System.Text.Encoding]::UTF8
    $OutputEncoding = [System.Text.Encoding]::UTF8

    $headers = @{
        "Authorization" = "Bearer $env:WOLAI_MCP_TOKEN"
        "Content-Type"  = "application/json"
        "Accept"        = "application/json, text/event-stream"
    }
    $bodyObj = @{
        jsonrpc = "2.0"
        id      = 1
        method  = "tools/call"
        params  = @{ name = $Tool; arguments = $Args }
    }
    $bodyBytes = [System.Text.Encoding]::UTF8.GetBytes(($bodyObj | ConvertTo-Json -Depth 10))
    $raw = Invoke-RestMethod -Method POST `
        -Uri "https://api.wolai.com/v1/mcp" `
        -Headers $headers -Body $bodyBytes

    # 解析 SSE 响应
    $dataLine = ($raw -split "`n" | Where-Object { $_ -match "^data:" } | Select-Object -First 1)
    $json = $dataLine -replace "^data:\s*", ""
    $result = $json | ConvertFrom-Json
    # 提取 data 内容
    $text = $result.result.content[0].text
    return $text | ConvertFrom-Json
}

工具决策表

用户意图优先工具备注
列出所有文档list_docs
读取页面结构get_page_outline轻量,先用这个
读取某章节内容get_section_content配合 outline 使用
定位某个章节locate_section自然语言描述位置
读取完整页面块get_page_blocks最后手段
搜索文档search_docs按标题关键词
创建新页面create_doc
更新页面标题/封面update_doc
删除页面delete_doc默认移入回收站
在标题下追加内容insert_under_heading最常用写入方式
重写某章节rewrite_section
移动章节move_section
删除章节delete_section
精确插入块insert_blocks_relative
修改块内容patch_block_content
替换块replace_block
删除块delete_block
创建多栏布局create_column_layout2-5 栏

常用工作流

读取页面内容

$pageId = "xxx"  # 从 URL 获取

# 第一步:获取大纲(轻量)
$outline = Invoke-WolaiMcp -Tool "get_page_outline" -Args @{ page_id = $pageId }

# 第二步:按需读取某个 section
$section = Invoke-WolaiMcp -Tool "get_section_content" -Args @{
    page_id    = $pageId
    section_id = "section_id_from_outline"
}

搜索文档

$results = Invoke-WolaiMcp -Tool "search_docs" -Args @{ query = "会议纪要"; limit = 10 }
$results.data | ForEach-Object { "$($_.id) | $($_.title)" }

创建新页面并写入内容

# 创建页面
$doc = Invoke-WolaiMcp -Tool "create_doc" -Args @{
    parent_id = "父页面ID"
    title     = "新页面标题"
}
$newPageId = $doc.data.id

# 写入内容(先获取大纲找到合适位置)
$outline = Invoke-WolaiMcp -Tool "get_page_outline" -Args @{ page_id = $newPageId }

在页面末尾追加内容

# 定位末尾 section
$loc = Invoke-WolaiMcp -Tool "locate_section" -Args @{
    page_id = "xxx"
    query   = "底部最后一个章节"
}
$sectionId = ($loc.data.sections | Select-Object -Last 1).section_id

# 追加内容
Invoke-WolaiMcp -Tool "insert_under_heading" -Args @{
    page_id           = "xxx"
    target_section_id = $sectionId
    placement         = "append_inside"
    blocks            = @(@{ type = "text"; content = "追加的内容" })
}

修改块内容

# 替换全部内容
Invoke-WolaiMcp -Tool "patch_block_content" -Args @{
    block_id = "xxx"
    patches  = @(@{ op = "replace_all"; content = "新内容" })
}

# 替换指定文字
Invoke-WolaiMcp -Tool "patch_block_content" -Args @{
    block_id = "xxx"
    patches  = @(@{ op = "replace_text"; old_text = "旧文字"; new_text = "新文字" })
}

删除页面

# 移入回收站(可恢复)
Invoke-WolaiMcp -Tool "delete_doc" -Args @{ doc_id = "xxx" }

# 永久删除
Invoke-WolaiMcp -Tool "delete_doc" -Args @{ doc_id = "xxx"; forever = $true }

块类型说明(create_block / rewrite_section / insert_under_heading 通用)

文本类

{ "type": "text",         "content": "普通文本" }
{ "type": "heading",      "content": "标题文字", "level": 1 }
{ "type": "quote",        "content": "引用内容" }
{ "type": "callout",      "content": "提示内容", "icon": {"type": "emoji", "icon": "💡"} }
{ "type": "bull_list",    "content": "无序列表项" }
{ "type": "enum_list",    "content": "有序列表项" }
{ "type": "toggle_list",  "content": "折叠块标题" }
{ "type": "todo_list",    "content": "待办事项", "checked": false }
{ "type": "todo_list_pro","content": "任务", "task_status": "todo" }
{ "type": "divider" }

代码

{ "type": "code", "content": "print('hello')", "language": "python" }

媒体 / 嵌入

{ "type": "image",    "link": "https://..." }
{ "type": "bookmark", "link": "https://..." }
{ "type": "embed",    "original_link": "https://..." }

表格

{
  "type": "simple_table",
  "table_content": [["列1","列2"],["值1","值2"]],
  "table_setting": { "has_header": true }
}

子页面

{ "type": "page", "content": "子页面标题", "icon": {"type": "emoji", "icon": "📄"} }

富文本 content 格式(带样式)

[
  { "title": "普通文字" },
  { "title": "加粗文字", "bold": true },
  { "title": "斜体",     "italic": true },
  { "title": "链接文字", "link": "https://..." },
  { "title": "红色文字", "front_color": "red" },
  { "title": "代码",     "inline_code": true }
]

错误处理

错误原因解决方案
401 UnauthorizedToken 无效或过期检查 WOLAI_MCP_TOKEN
403 Forbidden无页面权限在页面协作中添加应用权限
404 Not Found页面/块 ID 不存在检查 ID 是否正确
429 Too Many Requests请求过于频繁降低调用频率

注意事项

  • 页面 ID 从 URL 获取:wolai.com/ 后面的部分
  • MCP Token 以 sk- 开头,与 REST API Token(32位hex)不同
  • 读取大页面时先用 get_page_outline,再按需读取 section,避免 token 浪费
  • delete_doc 默认移入回收站,forever: true 才是永久删除,谨慎使用
  • 团队空间页面需在「页面协作 → 应用权限」中添加应用

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…