Siyuan Skill
v1.7.8思源笔记API转CLI工具,支持笔记本管理、文档操作、内容搜索、块控制。当用户操作思源笔记、管理笔记本、创建/更新/删除文档、搜索内容、管理块时调用。
⭐ 3· 496·3 current·4 all-time
bydaze@dazexcl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, required binaries (node), and required env vars (SIYUAN_BASE_URL, SIYUAN_TOKEN, SIYUAN_DEFAULT_NOTEBOOK) align with a Siyuan Notes CLI/connector. Optional environment variables and modules (Qdrant, embedding, NLP) are appropriate for the described vector-search/NLP features.
Instruction Scope
SKILL.md instructs running the provided Node CLI (node siyuan.js ...) and documents config and environment usage. Instructions reference only relevant files/config (config.json) and the Siyuan API. The CLI can read files when a --file option is provided (expected for content import), but SKILL.md does not instruct collecting unrelated system data.
Install Mechanism
No install spec is provided (instruction-only install), which is low-risk. However the skill bundle includes many code files (JS modules and a CLI). Because there is no automated install step, the code will run where Node is available; users should verify and inspect the included source before running.
Credentials
Required env vars are proportional to purpose; SIYUAN_TOKEN is the primary credential and is justified. Several optional env vars enable external services (Qdrant, embedding providers such as OLLAMA/EMBEDDING_BASE_URL) — enabling them will send document content or embeddings to those external endpoints, so users should only set those when they trust the target services.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It reads/writes its own config and enforces a delete-protection policy; autonomous invocation is allowed (platform default) but not combined with elevated privileges.
Assessment
This skill appears to do what it claims, but review and consider the following before installing/running:
- Inspect the included JavaScript files (they are bundled with the skill) before executing. Because there is no installation sandbox, the code will run under Node in your environment.
- Provide SIYUAN_BASE_URL and SIYUAN_TOKEN only for a Siyuan instance you control/trust. The token grants API access to your notes.
- Optional features (vector search, embedding, Qdrant, OLLAMA or external EMBEDDING_BASE_URL) will send note content or embeddings to those external services — do not enable them for sensitive data unless you trust the destination and understand data retention/privacy.
- The connector supports allowing self-signed TLS certificates; enabling that (SIYUAN_TLS_ALLOW_SELF_SIGNED and SIYUAN_TLS_ALLOWED_HOSTS) weakens TLS validation and should be used only for trusted internal endpoints.
- The CLI can read local files when given a --file path. Be mindful an automated agent invoking this skill could be used to read files if given paths; rely on the skill's delete-protection settings and do not grant the agent broad autonomy if you are concerned about file access.
If you want higher assurance, run the code in a restricted/test environment first, and verify that network endpoints used by embedding/Qdrant are the ones you expect.Like a lobster shell, security has layers — review code before you run it.
latestvk97cstcgy520kzynmpwgnhqrx583vptn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📝 Clawdis
Binsnode
EnvSIYUAN_BASE_URL, SIYUAN_TOKEN, SIYUAN_DEFAULT_NOTEBOOK
Primary envSIYUAN_TOKEN