ClawHub

赛博鲁班日记

v1.2.0

AI diary service - push diary entries, query diaries, get AI analysis and cover images via HTTP API.

1· 254·0 current·0 all-time
by@fengye607
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (AI diary: push/query/analysis/cover images) align with the SKILL.md endpoints (image.yezishop.vip). However, the setup instructs users to 'authorize with Feishu' via an unfamiliar domain (image.yezishop.vip) — that raises questions about whether this is an official Feishu integration or a third party mediating Feishu auth.
!
Instruction Scope
Runtime instructions only call curl/jq against image.yezishop.vip endpoints (consistent with the described API). Concerns: the auth step directs users to click a third-party link that 'authorizes with Feishu' — the docs do not state what scopes the token has. The skill instructs embedding the token into the URL path for API calls, which can expose the token in logs, referers, and shell history. There are no instructions that read other files or env vars, but the auth redirect is the main scope creep/risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. Required binaries (curl, jq) match the provided curl/jq examples. Low installation risk because nothing is downloaded or written by the skill itself.
!
Credentials
Only one env var (AI_DIARY_TOKEN) is requested, which is proportionate, but the doc describes it as a 'long-lived' Feishu-linked token with no stated scopes. That is risky: a long-lived Feishu token could grant broader access to the user's account than needed. Additionally, placing the token in the URL path increases accidental exposure (logs, referers). The skill does not justify why a long-lived token or the specific scopes are required.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system settings. It is user-invocable and allows autonomous invocation by default (platform standard).
What to consider before installing
This skill appears to implement a diary API using curl/jq, but exercise caution before installing: the setup asks you to log in via a third-party URL (image.yezishop.vip) that claims to 'authorize with Feishu' and to copy a long‑lived token. That token may grant broad access to your Feishu account and could be exposed because examples put it directly in request URLs. Before proceeding, verify the service's trustworthiness and privacy policy, confirm what token scopes are issued (prefer least privilege and short-lived keys), avoid using your primary Feishu account (create a dedicated account if possible), and prefer sending tokens in an Authorization header rather than embedding them in URLs. If you suspect the token is exposed, regenerate/revoke it immediately. If you need help assessing the service domain or safer invocation patterns, get more details from the skill author or the service operator before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📔 Clawdis
Binscurl, jq
EnvAI_DIARY_TOKEN
Primary envAI_DIARY_TOKEN
latestvk974vyheba4sbnfhfj3j826pjx82fbn1
254downloads
1stars
3versions
Updated 1mo ago
v1.2.0
MIT-0
@fengye607
latest
Download

赛博鲁班日记

An AI-powered diary service. Push diary entries, retrieve them by date, get AI-generated analysis (feedback + keywords), and fetch cover images.

Setup

  1. Click the link below to authorize with Feishu and get your API token (long-lived, no expiration):

    https://image.yezishop.vip/api/openclaw/auth-redirect

  2. After Feishu login, copy the token displayed on the page.

  3. Set the token as an environment variable:

export AI_DIARY_TOKEN="your_token_here"

Usage

Push a diary entry

When the user wants to save or push a diary entry for a specific date:

curl -s -X POST "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"date\": \"$DATE\", \"content\": \"$CONTENT\"}" | jq .
  • date must be in YYYY-MM-DD format
  • content is the diary text

Get diary by date

When the user asks about a specific date's diary:

curl -s "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN/diaries?date=$DATE" | jq .

List recent diaries

When the user wants to see recent diary entries:

curl -s "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN/diaries?limit=$LIMIT&offset=$OFFSET" | jq .
  • limit defaults to 20, offset defaults to 0

Get a single diary by ID

curl -s "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN/diaries/$DIARY_ID" | jq .

Analyze a diary (AI feedback + keywords)

When the user wants AI analysis of a diary entry. Returns cached result if analysis already exists:

curl -s -X POST "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN/diaries/$DIARY_ID/analyze" \
  -H "Content-Type: application/json" | jq .

Response includes feedback (text review) and keywords (3 key terms).

Get diary cover image

curl -s "https://image.yezishop.vip/api/diary-hook/$AI_DIARY_TOKEN/diaries/$DIARY_ID/image" | jq .

Returns image field with the image URL, or null if no image exists.

Response Format

All endpoints return JSON with success: true/false. Diary objects contain:

  • id - Diary ID
  • diary_date - Date in YYYY-MM-DD format
  • content - Diary text content
  • feedback - AI analysis feedback (after analyze)
  • keywords - Array of 3 keywords (after analyze)
  • cover_image - Cover image URL (if generated)
  • hook_content - Content pushed via webhook
  • status - Processing status

Important Notes

  • The API token is tied to your Feishu account. Keep it secure.
  • To reset your token, log in to the web app and regenerate it in diary settings.
  • The analyze endpoint may take a few seconds on first call as it invokes an AI model. Subsequent calls return cached results instantly.

Comments

Loading comments...