ClawHub

Quick Capture

v1.0.0

帮用户把信息写入笔记系统:碎片化信息原样追加到当日 Journal(不改),待整理的笔记归纳成结构化知识写到 Inbox(要完善)。触发于:记笔记、记碎片、存一下、写到 inbox/journal 等。

0· 91·0 current·0 all-time
bywuu Dao@daowuu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included script: the Python script creates or appends Markdown files under 'Inbox' and 'Journal'. Required binary (python3) is appropriate and no unrelated credentials or tools are requested.
Instruction Scope
The SKILL.md tells the agent to 'enrich' Inbox entries (summarize/structure content) while preferring to invoke the bundled script to persist the result. The script itself does not perform any semantic enrichment — it simply writes the provided content to disk. Also, the SKILL.md examples use $SKILLS_ROOT when invoking the script, but the script computes a vault root using Path(__file__).resolve().parents[4], which is brittle and may resolve to a directory different from what the operator expects. These are functional mismatches rather than malicious behavior.
Install Mechanism
No installation actions are specified (instruction-only + included script). No downloads, package installs, or external code pulls are used.
Credentials
The skill requests no environment variables, credentials, or config paths. The script operates purely on the filesystem and prints a JSON result to stdout.
Persistence & Privilege
always:false and the skill does not attempt to modify other skills or system-wide settings. It writes files only within a vault root computed relative to the script.
Assessment
This skill appears to do what it says (write Inbox/Journal entries) and does not phone home or require credentials, but check a few things before use: - Verify where files will be written: the script computes a vault_root via Path(__file__).resolve().parents[4]. That path is brittle and could place notes somewhere unexpected depending on how skills are installed. Test in a safe directory to confirm the actual output paths. - Remember the model/agent is expected to 'enrich' Inbox content before calling the script. The script itself will not summarize or transform the text — it just writes whatever content you pass. If you expect automatic enrichment, ensure the agent is performing that step before invoking the script. - Consider editing the script to accept an explicit vault path (or to use a declared SKILLS_ROOT env var) to avoid surprises and to control where data is stored. - Be mindful of sensitive data: the skill writes plain text to disk. Ensure appropriate file permissions and backups if you will store secrets or personal data. If you want more assurance, run the script locally with test input to see exactly what files it creates and where, or request a variant that takes an explicit output directory.

Like a lobster shell, security has layers — review code before you run it.

latestvk970nc5e48rxpnb0hs1n5tfep183mszq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis
Binspython3

Comments