ClawHub

印象笔记

v1.0.0

印象笔记 API skill,用于管理用户的印象笔记。支持搜索笔记、浏览笔记本、获取笔记内容、新建笔记和追加内容。 当用户提到印象笔记、Evernote、笔记、备忘录、记事、知识库,或者想要查找、阅读、创建、编辑笔记内容时,使用此 skill。 即使用户没有明确说"笔记",只要意图涉及个人文档的存取(如"帮我记一...

0· 152·1 current·1 all-time
by@heavenchenggong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Evernote note management) match the declared requirement EVERNOTE_TOKEN and the documented API calls (search, list, read, create, update). No unrelated environment variables or binaries are requested.
Instruction Scope
SKILL.md stays within the Evernote integration scope (initialization, ENML helpers, workflows). Minor issues: it suggests inserting a hard-coded sys.path entry pointing to /Users/I501579/... (a user-specific path) which is not necessary and should be adapted or removed, and the provided test script prints the first ~20 characters of the token to stdout which may leak part of the token into logs—these are sloppy but not indicative of malicious intent.
Install Mechanism
No install spec (instruction-only skill); Python dependency installation is via pip (evernote2, oauth2), which is proportionate and expected. Nothing is downloaded from arbitrary URLs or executed implicitly by the platform.
Credentials
Only EVERNOTE_TOKEN is required (EVERNOTE_HOST optional) which is appropriate. Caveat: test scripts and examples echo part of the token; avoid running these where stdout is shared. No unrelated credentials or high-privilege environment paths are requested.
Persistence & Privilege
always:false and default autonomous invocation are set (normal). The skill does not request persistent platform-wide privileges or modify other skills. It only uses local environment variables for authentication.
Assessment
This skill appears to be what it says (Evernote integration). Before installing: 1) Only provide your own EVERNOTE_TOKEN and never paste it into public places; prefer setting it as an environment variable in a private shell. 2) Review and remove or adapt the hard-coded sys.path line in SKILL.md (it's a user-specific path and not required). 3) Be aware test_evernote.py prints the first ~20 characters of your token—avoid running it in shared/recorded environments or modify the script to omit printing the token. 4) Install the Python packages locally (pip3 install evernote2 oauth2) and verify the repository origin/source since the skill's source is listed as unknown. 5) If you plan to use this in a multi-user or production app, implement proper OAuth rather than developer tokens as recommended in the docs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cwrx7tktz8zbyh5hdedmpkd83ea7bproductivityvk97cwrx7tktz8zbyh5hdedmpkd83ea7b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📔 Clawdis
EnvEVERNOTE_TOKEN
Primary envEVERNOTE_TOKEN

Comments