Siyuan Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate SiYuan Notes CLI skill, but it can read, change, delete, and optionally index notes, so users should configure its token and scope carefully.

Install only if you want an agent to manage your SiYuan notes. Configure the SiYuan token carefully, restrict notebook access if possible, keep deletion protection enabled, and use trusted/local vector and embedding services before enabling semantic indexing.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A mistaken or overly broad command could overwrite, move, or delete notes or blocks.

Why it was flagged

The skill exposes commands that can update or delete documents and blocks. This is expected for a SiYuan management CLI, but these are high-impact actions if run against the wrong ID.

Skill content
| Modify the whole document | `update` / `edit` ... |
| Delete a document | `delete` / `rm` | document ID |
| Delete a single block | `block-delete` / `bd` | block ID |
Recommendation

Use read/check commands first, keep deletion safe mode enabled unless explicitly needed, and require clear user confirmation before destructive edits.
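The guard described in the recommendation, written out as an added example (it is not code from the skill or from SiYuan): a destructive command is refused unless the target ID is well-formed, resolves to an existing document or block, passes deletion safe mode, and has explicit user confirmation. The function and option names, the in-memory store standing in for the SiYuan API, and the sample IDs are assumptions; SiYuan IDs of the form 14-digit timestamp, dash, 7 alphanumerics are the format this example expects.

```javascript
// Added example, not part of the SiYuan skill: a guard in front of the
// destructive CLI commands (update/edit, delete/rm, block-delete/bd).
// Function name, option names and the sample store are assumptions.

// SiYuan document/block IDs look like "20210808180117-6v0mkxr":
// a 14-digit timestamp, a dash and 7 lowercase alphanumerics.
const SIYUAN_ID = /^\d{14}-[0-9a-z]{7}$/;

const DESTRUCTIVE = new Set(["update", "edit", "delete", "rm", "block-delete", "bd"]);
const DELETES = new Set(["delete", "rm", "block-delete", "bd"]);

// Constructed sample store standing in for a read/check call against SiYuan.
const SAMPLE_STORE = new Map([
  ["20210808180117-6v0mkxr", { title: "Meeting notes" }],
  ["20220101120000-abcdefg", { title: "Journal" }],
]);

/**
 * Decide whether a command may run against targetId.
 * opts: { safeMode: boolean (default true), confirmed: boolean (default false),
 *         exists: (id) => boolean }  -- exists is the "read first" check.
 * Returns { ok, reason } so the caller can show the refusal to the user.
 */
function guardCommand(command, targetId, opts) {
  const { safeMode = true, confirmed = false, exists } = opts;
  if (!DESTRUCTIVE.has(command)) {
    return { ok: true, reason: "read-only command" };
  }
  if (!SIYUAN_ID.test(targetId)) {
    return { ok: false, reason: "malformed ID" };
  }
  if (!exists(targetId)) {
    return { ok: false, reason: "unknown ID" };
  }
  if (DELETES.has(command) && safeMode) {
    return { ok: false, reason: "deletion blocked by safe mode" };
  }
  if (!confirmed) {
    return { ok: false, reason: "confirmation required" };
  }
  return { ok: true, reason: "confirmed destructive command" };
}

// Sample options: safe mode on, no confirmation, existence checked in the store.
const sampleOpts = { exists: (id) => SAMPLE_STORE.has(id) };
```

The ordering matters: the cheap format check runs before the existence lookup, so a stray argument such as a title pasted where an ID belongs never reaches the API, and safe mode is evaluated before confirmation so an agent cannot "confirm" its way past a deletion the user has disabled.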

ASI03: Identity and Privilege Abuse
Medium
What this means

If the configured SiYuan token has broad access, the agent can operate across all accessible notebooks.

Why it was flagged

The configuration reads a SiYuan API token and defaults permissionMode to 'all', so every notebook the token can reach is in scope; whitelist and blacklist modes exist, but notebookList is empty by default, so neither is in effect.

Skill content
token: '',
...
permissionMode: 'all', // all, blacklist, whitelist
notebookList: [],
Recommendation

Prefer a least-privilege token where possible, and configure whitelist mode with an explicit notebook list for agent access.
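The scope check that the permissionMode and notebookList settings imply, as an added example that is not the skill's own code: the shipped default beside a whitelist configuration, and a filter that reduces the notebooks an agent may touch. The config keys mirror the fragment above; the function names, the notebook IDs and the environment variable are assumptions.

```javascript
// Added example, not the skill's code: notebook scoping as the
// permissionMode / notebookList settings describe it. Function names,
// notebook IDs and SIYUAN_TOKEN are assumptions for illustration.

// Default as shipped: every notebook the token can reach is in scope.
const DEFAULT_CONFIG = {
  token: "",
  permissionMode: "all", // all, blacklist, whitelist
  notebookList: [],
};

// Recommended: opt-in list, everything not named is out of scope.
// Reading the token from the environment keeps it out of the config file.
const HARDENED_CONFIG = {
  token: process.env.SIYUAN_TOKEN ?? "",
  permissionMode: "whitelist",
  notebookList: ["20230101000000-agentnb"],
};

// Returns true if the agent may operate on notebookId under config.
function isNotebookAllowed(config, notebookId) {
  const listed = new Set(config.notebookList ?? []);
  switch (config.permissionMode) {
    case "whitelist":
      return listed.has(notebookId);
    case "blacklist":
      return !listed.has(notebookId);
    case "all":
      return true;
    default:
      // Unknown or mistyped mode: fail closed rather than open.
      return false;
  }
}

// Reduce a notebook listing (constructed sample below) to the permitted subset.
function scopedNotebooks(config, notebooks) {
  return notebooks.filter((nb) => isNotebookAllowed(config, nb.id));
}

const SAMPLE_NOTEBOOKS = [
  { id: "20230101000000-agentnb", name: "Agent workspace" },
  { id: "20230101000000-private", name: "Private journal" },
];
```

Note that whitelist mode with an empty notebookList grants nothing, which is the safe direction; a blacklist only ever protects notebooks someone remembered to list, so new notebooks are exposed by default.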

ASI06: Memory and Context Poisoning
Medium
What this means

Private notes may be represented in a persistent search index or sent to configured embedding/vector services.

Why it was flagged

The CLI includes a command to index documents into a vector database, meaning note content or embeddings may persist outside the original SiYuan notebook store.

Skill content
index, index-documents           Index documents into the vector database
Recommendation

Use local or trusted Qdrant and embedding endpoints, understand retention of indexed data, and exclude sensitive notes from indexing where possible.
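Two checks a practitioner would want in front of the index command, as an added example that is not part of the skill: the embedding and Qdrant endpoints must be local or on an explicit allow-list before any note content leaves the machine, and documents in excluded notebooks or carrying a sensitive tag are skipped. The function names, the "sensitive" tag convention and the sample documents are assumptions.

```javascript
// Added example, not the skill's code: pre-index checks so that note content
// only goes to trusted endpoints and sensitive notes are never embedded.
// Function names, the tag convention and the sample docs are assumptions.

const LOCAL_HOSTS = new Set(["localhost", "127.0.0.1", "::1"]);

// Accept only http(s) URLs whose host is local or explicitly trusted.
function isTrustedEndpoint(url, extraHosts = []) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // unparseable: refuse rather than guess
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return false;
  const host = parsed.hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  return LOCAL_HOSTS.has(host) || extraHosts.includes(host);
}

// Split documents into those that may be indexed and those to skip.
// A doc is skipped if its notebook is excluded or any tag matches
// sensitiveTags (case-insensitive). Returns { indexable, skipped } as ID lists.
function selectForIndexing(docs, { excludedNotebooks = [], sensitiveTags = ["sensitive"] } = {}) {
  const excluded = new Set(excludedNotebooks);
  const tags = new Set(sensitiveTags.map((t) => t.toLowerCase()));
  const indexable = [];
  const skipped = [];
  for (const doc of docs) {
    const tagged = (doc.tags ?? []).some((t) => tags.has(t.toLowerCase()));
    if (excluded.has(doc.notebook) || tagged) {
      skipped.push(doc.id);
    } else {
      indexable.push(doc.id);
    }
  }
  return { indexable, skipped };
}

// Constructed sample documents (not real SiYuan data).
const SAMPLE_DOCS = [
  { id: "20240101000000-public1", notebook: "20230101000000-agentnb", tags: [] },
  { id: "20240101000000-tagged1", notebook: "20230101000000-agentnb", tags: ["Sensitive"] },
  { id: "20240101000000-privat1", notebook: "20230101000000-private", tags: [] },
];
```

Run the endpoint check against both the embedding URL and the Qdrant URL before the first document is read; once an embedding has been stored remotely, the retention question in the recommendation is no longer in your hands.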