ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Siyuan Agent

v2.0.6

Interact with SiYuan notes via direct HTTP API. Use when reading, writing, searching, or managing SiYuan blocks, documents, notebooks, attributes, assets, or...

0· 77·0 current·0 all-time
byYi Lok Enoch Lam@eloklam
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description (SiYuan HTTP API client) matches the code and SKILL.md: the tool needs a SiYuan API token and optionally a base URL. However the registry metadata lists no required env vars while SKILL.md and lib/api.js require SIYUAN_TOKEN (primaryCredential). This metadata omission is an incoherence that could mislead users about credential requirements.
Instruction Scope
SKILL.md instructions are specific and align with the implemented commands. The skill enforces SELECT-only for sql, requires write=true for write operations, and hard-blocks certain notebook-management paths. The runtime instructions do not request unrelated files or credentials.
Install Mechanism
No install spec (instruction-only plus small JS files included). There are no external downloads or package installs — low install risk.
!
Credentials
The only credential used is SIYUAN_TOKEN (appropriate for a SiYuan API client). But the registry metadata failing to declare this required env var is a red flag. Additionally SIYUAN_BASE (default localhost) is user-configurable; if set to a remote host it would cause the skill to send the token and data to that host, enabling token exfiltration if misconfigured or maliciously set.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system configs. Autonomous invocation is allowed (platform default) but not combined with elevated privileges in this package.
What to consider before installing
This skill appears to implement exactly what it claims (a SiYuan HTTP API CLI) and enforces reasonable write and SQL restrictions, but the package metadata omitted the required SIYUAN_TOKEN. Before installing: (1) Confirm you set SIYUAN_TOKEN — the tool will exit without it; (2) Keep SIYUAN_BASE at the default localhost unless you intentionally want to point it elsewhere (setting it to a remote URL will send your token and data to that host); (3) Inspect the small JS files (they're included and readable) to verify no unexpected network targets; (4) Prefer minimizing agent autonomy or restricting the skill's use until you trust the publisher; and (5) Verify the publisher/slug/source — the registry metadata inconsistency could be a packaging error, but treat it as a warning.
lib/api.js:1
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9781tyjasgh8db4zh0twm597983ab0h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments