Yiliu
v1.2.3
Yiliu - AI-powered note-taking knowledge base with semantic search, auto-summarization, and version management
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (AI note-taking with semantic search, summaries, versioning) matches the code and declared dependencies: local DB (LibSQL), vector store, local embeddings (@xenova/transformers) and optional OpenAI calls. Required binaries/env in the registry are empty but the skill sensibly treats OPENAI_API_KEY as optional; the included npm dependencies are appropriate for the stated features.
Instruction Scope
SKILL.md and code limit actions to note capture, local storage under ./data and model cache under the user's home cache dir, semantic/vector search, and optional API calls to OpenAI. There are no instructions to read unrelated system files, exfiltrate arbitrary credentials, or send data to unexpected endpoints beyond OpenAI (and local model downloads/cache).
Install Mechanism
There is no registry install spec (instruction-only), but the bundle includes package.json and source files implying npm install/build is required. That is a reasonable pattern, but users should be aware running npm install will pull many third-party packages from npm (normal for Node apps). No downloads from obscure single-host URLs or extract-from-URL steps were observed.
Credentials
The only sensitive environment variable referenced is OPENAI_API_KEY (optional) for cloud AI features; other env vars (OPENAI_BASE_URL, YILIU_DATA_PATH, XENOVA_CACHE_DIR, model names) are for configuration. The registry not requiring env vars is consistent because cloud AI is optional. No unrelated service credentials or excessive secret requests are present.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system-wide agent settings. It persists data under local ./data and uses a model cache directory in the user's home (expected for local models). Autonomous invocation is enabled by default (normal) but not combined with other red flags.
Scan Findings in Context
[system-prompt-override] expected: The code intentionally constructs 'system' prompts for the LLM (e.g., to produce structured JSON for summaries/tags). The pre-scan flag likely reflects these legitimate system prompts rather than a prompt-injection attempt embedded in SKILL.md.
Assessment
This skill appears to do what it says: local SQLite/LibSQL storage (data/yiliu.db and data/vectors.json), optional OpenAI network calls if you set OPENAI_API_KEY, and local model caching under your home directory for xenova transformers. Before installing:
1) If you don't want note contents sent to OpenAI, do not set OPENAI_API_KEY (the skill falls back to local or keyword search).
2) Review package.json and consider running npm install in an isolated environment (or review dependency list) since it will pull many npm packages.
3) Expect the skill to write files under ./data and to ~/.cache/yiliu/models (configurable via env vars).
4) If you plan to provide an OpenAI key, consider using a restricted key or monitoring usage.
5) If you want extra assurance, inspect the omitted vector/storage files or run the code in a sandbox before granting access to sensitive notes.
src/ai/index.ts:13
Environment variable access combined with network send.
src/commands/note.ts:31
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.
Like a lobster shell, security has layers — review code before you run it.
latestvk97654nwefkq9tjra1fr8ppm8d839m5v
