ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web-to-FIM | 网页内容转 Markdown/飞书/IMA

v2.2.0

将任意网页链接或本地文件一键转为结构化 Markdown,并保存到 Obsidian Vault、飞书云文档或腾讯 IMA 笔记。 支持的信源:(1) X/Twitter 推文、长文 Article、Thread 线程;(2) 微信公众号文章; (3) 小红书笔记;(4) 微博;(5) YouTube 视频;(6...

0· 81·0 current·0 all-time
byAI花生@edwardwason

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for edwardwason/web-to-fim.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Web-to-FIM | 网页内容转 Markdown/飞书/IMA" (edwardwason/web-to-fim) from ClawHub.
Skill page: https://clawhub.ai/edwardwason/web-to-fim
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install web-to-fim

ClawHub CLI

Package manager switcher

npx clawhub@latest install web-to-fim
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (web → Markdown → Obsidian/Feishu/IMA) matches the included scripts and clients. However registry metadata in the top-level listing claimed 'Required env vars: none' while the bundled _meta.json and SKILL.md declare FEISHU_APP_ID/FEISHU_APP_SECRET, IMA_CLIENT_ID/IMA_API_KEY and OBSIDIAN_VAULT_PATH. That inconsistency could mislead users about required credentials.
!
Instruction Scope
SKILL.md and the scripts limit activity to the provided URL/local file, writing to a user-configurable Obsidian path and calling Feishu/IMA APIs. However web_to_md.py executes an external script via subprocess at ~/.aily/workspace/skills/x-tweet-fetcher/scripts/fetch_tweet.py if a Twitter/X URL is detected. Executing a script from a user-writable location (and cloning guidance is provided) is a real risk: a malicious or tampered x-tweet-fetcher placed there would be executed with the user's privileges. Otherwise the instructions do not attempt to read unrelated system files or hidden credentials.
Install Mechanism
There is no install spec (instruction-only), which reduces install-time risk. But dependency lists are inconsistent: SKILL.md and _meta.json require 'markitdown, requests, python-dotenv', while requirements.txt only lists 'requests' and 'python-dotenv' (missing markitdown). The skill also suggests cloning an external GitHub repo for x-tweet-fetcher; that introduces an implicit external code dependency that is not installed automatically.
Credentials
Requested environment variables (FEISHU_APP_ID/FEISHU_APP_SECRET, IMA_CLIENT_ID/IMA_API_KEY, OBSIDIAN_VAULT_PATH) are reasonable for the described destinations. The code enforces Feishu/IMA credentials only when those services are used (errors are caught), and defaults for OBSIDIAN_VAULT_PATH are provided. The only oddity is that _meta.json lists these env vars as required globally whereas the scripts allow operation without them if Feishu/IMA are skipped.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills or system-wide agent settings. It writes files only to the user-controlled Obsidian vault and temporary files, which is consistent with its purpose.
What to consider before installing
This skill appears to do what it says, but review these before installing: (1) Expect to set FEISHU_* and IMA_* env vars only if you plan to push to those cloud services — otherwise you can skip them. (2) The skill may run an external 'x-tweet-fetcher' script from ~/.aily/workspace/skills; only clone or place that repo there if you trust its source. Running third-party code from a user-writable directory is the main risk. (3) The packaged requirements are inconsistent — ensure you pip install markitdown, requests, python-dotenv as documented. (4) Inspect or test the Feishu/IMA client calls in a safe environment (use least-privileged API keys) — revoke or rotate keys after testing if concerned. If you want lower risk, run the conversion scripts locally (and avoid cloning x-tweet-fetcher) and do not provide cloud credentials.

Like a lobster shell, security has layers — review code before you run it.

ai-information-managementvk97ac6z0qaad1dhcnhmd2wkzqh855fdblatestvk97ac6z0qaad1dhcnhmd2wkzqh855fdbproductivityvk97ac6z0qaad1dhcnhmd2wkzqh855fdb
81downloads
0stars
2versions
Updated 1w ago
v2.2.0
MIT-0
AI花生@edwardwason
ai-information-managementlatestproductivity
Download

Web-to-FIM | 网页内容转 Markdown/飞书/IMA

🤖 AI 时代必备的信息库基础技能

在 AI 时代,无论是使用 OpenClawHermes Agent,还是实践 Obsidian + LLM 的信息管理方法论,一键入库、人机共用的 AI 信息库搭建都是必备的基础设施。

Web-to-FIM 就是这样一个基础技能:它将任意网络内容一键转换为结构化 Markdown,并同步到:

  • 📝 Obsidian Vault - 本地个人知识库,带 frontmatter
  • 📚 飞书云文档 - 云端团队协作
  • 🧠 腾讯 IMA 笔记 - AI 原生知识库

将任意网页链接或本地文件一键转为结构化 Markdown,并保存到 Obsidian Vault、飞书云文档或腾讯 IMA 笔记。

支持的信源

信源URL 特征抓取方式
X/Twitterx.com / twitter.comx-tweet-fetcher
微信公众号mp.weixin.qq.commarkitdown-plus
小红书xiaohongshu.com / xhslink.commarkitdown-plus
微博weibo.commarkitdown-plus
YouTubeyoutube.com / youtu.bemarkitdown-plus
任意网页其他 http(s):// 链接markitdown-plus

本地文件支持

类型扩展名
PDF.pdf
Word.docx / .doc
PowerPoint.pptx / .ppt
Excel.xlsx / .xls
图片.png .jpg .jpeg .gif .webp
音频.mp3 .wav .m4a .flac
数据.csv .json .xml

输出目的地

目的地环境变量说明
Obsidian VaultOBSIDIAN_VAULT_PATH本地保存到指定目录,带 frontmatter(默认:E:\Obsidian\md\inbox
飞书云文档FEISHU_APP_ID + FEISHU_APP_SECRET云端服务,参考 references/feishu-setup.md
腾讯 IMAIMA_CLIENT_ID + IMA_API_KEY云端 API,无需本地客户端,参考 references/ima-setup.md

Obsidian Vault 路径配置

跨平台支持,通过环境变量 OBSIDIAN_VAULT_PATH 配置:

# Windows (PowerShell)
$env:OBSIDIAN_VAULT_PATH = "C:\Users\YourName\Obsidian\Vault\inbox"

# Windows (CMD)
set OBSIDIAN_VAULT_PATH=C:\Users\YourName\Obsidian\Vault\inbox

# macOS/Linux
export OBSIDIAN_VAULT_PATH=~/Obsidian/Vault/inbox

如果未设置,默认使用:

  • Windows: E:\Obsidian\md\inbox
  • macOS/Linux: ~/Obsidian/inbox

一键保存到所有目的地

使用 web_to_all.py 一键转换并保存到 Obsidian/飞书/IMA:

python3 scripts/web_to_all.py --url "<url_or_path>"
python3 scripts/web_to_all.py --url "<url>" --title "自定义标题"
python3 scripts/web_to_all.py --url "<url>" --no-feishu --no-ima  # 仅保存 Obsidian

安全配置

⚠️ 凭证必须通过环境变量配置,禁止硬编码:

飞书配置

# 设置环境变量
$env:FEISHU_APP_ID = "your_app_id"
$env:FEISHU_APP_SECRET = "your_app_secret"

参考 references/feishu-setup.md 获取凭证。

ima 配置

# 设置环境变量
$env:IMA_CLIENT_ID = "your_client_id"
$env:IMA_API_KEY = "your_api_key"

参考 references/ima-setup.md 获取凭证。

工作流

步骤 1:转换为 Markdown

python3 scripts/web_to_md.py --url "<url_or_path>" --output <output.md>

路由逻辑:

  • X/Twitter → x-tweet-fetcher 抓取 JSON → tweet_to_md.py 结构化转换
  • 其他所有 → markitdown-plus 直接转换

步骤 2:存入目的地

Obsidian Vault

from scripts.web_to_all import save_to_obsidian
filepath = save_to_obsidian(markdown_content, title, url)

飞书云文档

from scripts.feishu_client import FeishuClient

client = FeishuClient()
result = client.create_document(title="文档标题", content_md=markdown_content)
print(f"文档 URL: {result['url']}")

腾讯 ima

from scripts.ima_client import IMAClient

client = IMAClient()
result = client.create_note(title="笔记标题", content=markdown_content)
print(f"笔记 URL: {result['url']}")

验证连接

# 验证飞书
python scripts/feishu_client.py --action test

# 验证 ima
python scripts/ima_client.py --action test

故障处理

问题解决方案
x.com SSL 超时x-tweet-fetcher 使用 FxTwitter API 中转
markitdown 模块丢失pip install markitdown
微信反爬拦截markitdown 自动用移动端 UA 重试
飞书凭证无效检查 FEISHU_APP_IDFEISHU_APP_SECRET
ima 凭证无效检查 IMA_CLIENT_IDIMA_API_KEY

依赖与安装

完整依赖列表

依赖安装命令说明
markitdownpip install markitdown网页转 Markdown 核心库
requestspip install requestsHTTP 请求
python-dotenvpip install python-dotenv环境变量管理
x-tweet-fetcher克隆到 ~/.aily/workspace/skills/x-tweet-fetcherX/Twitter 专用抓取(可选)

一键安装所有依赖

# 安装 Python 依赖
pip install markitdown requests python-dotenv

x-tweet-fetcher(可选,仅用于 X/Twitter)

# 克隆到技能目录
cd ~/.aily/workspace/skills
git clone https://github.com/EdwardWason/x-tweet-fetcher.git

如果不安装 x-tweet-fetcher,X/Twitter 链接将使用 markitdown 直接处理。

安全声明

🔒 安全设计原则

  1. **凭证安全

    • 所有 API 凭证通过环境变量配置,无硬编码
    • 支持 `FEISHU_APP_ID, FEISHU_APP_SECRET, IMA_CLIENT_ID, IMA_API_KEY

  2. **文件操作

    • 仅在用户明确指定时写入文件
    • Obsidian Vault 路径完全可控
    • 支持通过 --no-feishu / --no-ima` 选择性禁用功能

  3. **隐私保护

    • 不读取任何未经授权的用户配置文件
    • 所有网络请求仅针对用户提供的 URL
    • 本地文件仅用于转换,不主动扫描

  4. **权限透明

    • 文件写入范围:Obsidian Vault 目录、临时 Markdown 文件
    • 文件读取范围:用户指定的 URL、本地输入文件

Comments

Loading comments...