Skill v1.0.0
ClawScan security
OpenClaw Flomo Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 26, 2026, 6:19 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (reading local flomo state and calling flomo APIs/webhooks) matches its description, but it reads sensitive local files (config, IndexedDB) and relies on local binaries that the registry metadata does not declare. Review before installing.
- Guidance: This skill appears to do what it says: to work, it reads your local flomo desktop data (config.json and IndexedDB) to obtain the access_token and to discover incoming webhook paths, and it calls flomo APIs/webhooks. That access is necessary for functionality but is sensitive: do not share your flomo config.json. Before installing, verify you trust the skill source and review scripts/flomo_tool.py yourself. Note that the registry metadata does not declare required binaries (the script invokes curl and strings) or the optional env vars documented in the README; ensure you are comfortable giving the script read access to ~/Library/Containers/com.flomoapp.m/... and network access to flomoapp.com. If you prefer tighter control, set FLOMO_ACCESS_TOKEN or FLOMO_CONFIG_PATH to a limited/throwaway token, or run the script in a confined environment and inspect its output (it masks webhook URLs when printing).
Review Dimensions
- Purpose & Capability (ok): The name/description (read/write flomo memos on macOS) aligns with what the code and docs do: the script reads the local flomo config/IndexedDB and calls flomo APIs or incoming webhook URLs to read/write memos. The declared purpose justifies access to the config and flomo API.
- Instruction Scope (note): SKILL.md instructs running the included Python script. The script reads local files (config.json, IndexedDB .ldb, renderer.log), extracts tokens/entries, and performs network calls to flomo endpoints. Reading the local flomo config and IndexedDB is necessary for the stated features, but these files contain sensitive tokens/webhook paths, so this is notable and should be expected by the user.
- Install Mechanism (ok): This is an instruction-only skill with a bundled script; there is no external download or install step. Nothing is pulled from remote sources at install time.
- Credentials (note): The registry metadata lists no required env vars, but the README and the script allow/expect several optional env vars (FLOMO_CONFIG_PATH, FLOMO_ACCESS_TOKEN, FLOMO_API_BASE, etc.). The script reads ~/Library/.../config.json and IndexedDB to obtain the access_token and webhook info; this is required for function but is sensitive access (it can expose your flomo access token/webhook). The code also invokes system binaries (curl, strings), though the registry does not declare these requirements.
- Persistence & Privilege (ok): The skill does not request always: true, does not modify other skills, and has no install step that persists system-wide beyond being copied into the OpenClaw workspace. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.
