ClawHub

Mowenskill Clean

v1.0.3

Publish, edit, or configure notes on Mowen (墨问) via Open API. Use when user mentions 墨问, mowen, 发布笔记, publish note, or wants to create social-media-style not...

0· 113·1 current·1 all-time
by@jacobluo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (publish/edit/configure Mowen notes) match the declared env var (MOWEN_API_KEY) and the included script which calls the documented open.mowen.cn APIs. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md instructions mirror the script's behavior: building NoteAtom JSON, uploading images (remote or local), creating/editing notes, and returning noteId. The runtime instructions do not request unrelated system files or extraneous credentials. Note: the script will read any local file paths you include for image uploads and then upload them to the storage endpoint returned by the API (expected behavior for image upload).
Install Mechanism
No install spec; skill is instruction + Python code that uses only the standard library. Nothing is downloaded from third-party URLs or installed automatically.
Credentials
Only a single environment variable (MOWEN_API_KEY) is required and declared as the primary credential. That is proportional to a skill that calls Mowen's Open API. The SKILL.md and code do not reference other hidden env variables.
Persistence & Privilege
Skill is not forced-always and uses normal, user-invocable behavior. It does not request persistent platform privileges or modify other skills' settings.
Assessment
This skill appears to do what it claims, but exercise normal caution: only provide a MOWEN_API_KEY you trust (create a scoped or revokable key if possible), inspect the included scripts before running, and avoid passing local file paths that reference sensitive files (the script will read and upload any local files you specify as images to the storage endpoint returned by the API). If you want extra safety, run the script in an isolated environment, use an API key with limited quotas/permissions, and review tests in tests/test_publish_note.py which mock network calls to validate local logic.

Like a lobster shell, security has layers — review code before you run it.

latestvk971m8a99b88syzygr44g2mvgd83d3z6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvMOWEN_API_KEY
Primary envMOWEN_API_KEY

Comments