OpenClaw Capture

Key points to consider before installing/using this skill: - Metadata mismatch: The registry lists no required env vars, but SKILL.md and the code require several sensitive environment variables (model API key, Telegram bot token, Feishu webhook) and may read legacy config files. Treat the SKILL.md as authoritative and do not assume the registry metadata is complete. - Secrets and network calls: The skill will send data to external endpoints (model API base, Telegram API, Feishu webhook). Only provide API keys and tokens you trust the code to use. If you cannot review the receiving endpoints (for example aiHubMix), do not set the keys. - Local code import and execution: In library mode the skill inserts your legacy project's src onto PYTHONPATH and imports openclaw_capture_workflow — that import executes code from the local repo. Only enable library mode if you trust the local repository contents. Review the local repo before use. - Subprocess execution: If you set OPENCLAW_CAPTURE_LOCAL_STT_COMMAND, the skill will format and run that command (via shlex.split and subprocess.run). Avoid putting untrusted templated shell constructs in that variable; it can execute arbitrary commands. - Filesystem writes: The skill creates state and artifact directories and (via the legacy workflow) may write notes into an Obsidian vault or other local paths. Ensure state_dir and vault paths are acceptable and isolated if needed. - Mitigations: run in an isolated environment (container or dedicated account), review the bundled scripts and any local openclaw_capture_workflow checkout, avoid exposing high-privilege credentials, and prefer HTTP backend mode to isolate execution from importing local code if you cannot audit the local repo. If you want, I can (1) point out the exact lines that read/write files or make network calls, (2) list all environment variables the code actually reads, or (3) summarize the security implications of running in library vs http backend mode.