Skill v1.7.8
ClawScan security
Siyuan Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 29, 2026, 3:11 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose (a Siyuan Notes CLI/connector); required env vars, binaries and instructions match the functionality, with no obvious misdirection or unrelated credential requests.
- Guidance
- This skill appears to do what it claims, but review and consider the following before installing/running:
  - Inspect the included JavaScript files (they are bundled with the skill) before executing. Because there is no installation sandbox, the code will run under Node in your environment.
  - Provide SIYUAN_BASE_URL and SIYUAN_TOKEN only for a Siyuan instance you control/trust. The token grants API access to your notes.
  - Optional features (vector search, embedding, Qdrant, OLLAMA or external EMBEDDING_BASE_URL) will send note content or embeddings to those external services — do not enable them for sensitive data unless you trust the destination and understand data retention/privacy.
  - The connector supports allowing self-signed TLS certificates; enabling that (SIYUAN_TLS_ALLOW_SELF_SIGNED and SIYUAN_TLS_ALLOWED_HOSTS) weakens TLS validation and should be used only for trusted internal endpoints.
  - The CLI can read local files when given a --file path. Be mindful that an automated agent invoking this skill could be used to read files if given paths; rely on the skill's delete-protection settings and do not grant the agent broad autonomy if you are concerned about file access.
  - If you want higher assurance, run the code in a restricted/test environment first, and verify that the network endpoints used by embedding/Qdrant are the ones you expect.
Review Dimensions
- Purpose & Capability
- ok · Name/description, required binaries (node), and required env vars (SIYUAN_BASE_URL, SIYUAN_TOKEN, SIYUAN_DEFAULT_NOTEBOOK) align with a Siyuan Notes CLI/connector. Optional environment variables and modules (Qdrant, embedding, NLP) are appropriate for the described vector-search/NLP features.
- Instruction Scope
- ok · SKILL.md instructs running the provided Node CLI (node siyuan.js ...) and documents config and environment usage. Instructions reference only relevant files/config (config.json) and the Siyuan API. The CLI can read files when a --file option is provided (expected for content import), but SKILL.md does not instruct collecting unrelated system data.
- Install Mechanism
- note · No install spec is provided (instruction-only install), which is low-risk. However, the skill bundle includes many code files (JS modules and a CLI). Because there is no automated install step, the code will run wherever Node is available; users should verify and inspect the included source before running.
- Credentials
- note · Required env vars are proportional to purpose; SIYUAN_TOKEN is the primary credential and is justified. Several optional env vars enable external services (Qdrant, embedding providers such as OLLAMA/EMBEDDING_BASE_URL) — enabling them will send document content or embeddings to those external endpoints, so users should only set those when they trust the target services.
- Persistence & Privilege
- ok · The skill does not request always:true and does not modify other skills. It reads/writes its own config and enforces a delete-protection policy; autonomous invocation is allowed (platform default) but is not combined with elevated privileges.
