Learning Notes Explorer
v1.0.0学习笔记 - Explore, search, and synthesize personal learning notes. Use when user asks about 笔记整理、学习回顾、知识搜索、笔记查询, or wants to explore their accumulated learning...
⭐ 0· 67·0 current·0 all-time
byhaidong@harrylabsj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description claim an explorer for personal learning notes; the code implements a local JSON-backed note index, search, connection-finding and synthesis helpers which match the stated purpose. However SKILL.md suggests integration with external stores (Obsidian, Notion) and other skills, while handler.py only loads notes from a local notes.json (or uses bundled demo notes). That mismatch is likely an implementation limitation (no remote connectors) rather than malicious, but it should be clear to users.
Instruction Scope
SKILL.md asks for access to note storage (local files, Obsidian, Notion, etc.). The runtime instructions and handler.py only read a local notes.json in a notes_dir and otherwise use demo notes; there are no instructions to read unrelated system files, environment variables, or send data externally. The scope is conservative at runtime, but the documentation's claim of broad storage support is not reflected in code.
Install Mechanism
No install spec is present (instruction-only with a Python handler). Nothing is downloaded or written beyond reading a local notes.json; this is low-risk from an install perspective.
Credentials
The skill declares no required environment variables or credentials, which matches the actual code. SKILL.md mentions connecting to third‑party services (Notion, etc.), which would normally require API keys—but none are requested or used in the code. If you intend to extend it to remote stores, additional credentials would be needed and should be reviewed then.
Persistence & Privilege
The skill is not configured as always:true, does not request elevated privileges, and does not modify other skills or global agent configuration. It only reads (and indexes) a notes.json from a configurable notes_dir.
Assessment
This skill appears to be a simple local note-search/synthesis tool and the code reads a local notes.json (default notes_dir is set to /tmp/test-notes in config.json). Before installing or granting permissions: 1) Confirm where your real notes are stored and whether you need the skill to access remote services (Obsidian/Notion); the current code does not implement remote connectors or request API keys. 2) If you map notes_dir to a directory with sensitive files, the skill will read notes.json there—review that file format and contents. 3) If you plan to extend or modify the skill to integrate with cloud note services, expect it to require API keys/tokens—only grant those to code you trust and review any added network calls. 4) If you want assurance there is no hidden network activity, you can run the handler locally and monitor network/system calls; the provided handler.py shows only local file I/O and in-memory indexing.Like a lobster shell, security has layers — review code before you run it.
latestvk9797sp716rc45c2sn6a0ytce983ve83
License
MIT-0
Free to use, modify, and redistribute. No attribution required.