Flomo Random Walk
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The embedded token could expose or misuse a Flomo account, and users may unknowingly browse notes tied to that token instead of their own account.
The skill embeds a Flomo bearer credential for account access, despite the registry metadata declaring no primary credential or required environment variables.
## API credentials ... Token: `fmcp_P7Oq...rjes` ... MCP URL: `https://flomoapp.com/mcp`
Remove the embedded token, revoke and rotate it, and require each user to provide their own Flomo token through a declared secret or environment variable.
When used, the agent will contact Flomo and read note content from the authorized account.
The skill uses direct Flomo MCP/API calls to retrieve notes. This is expected for the stated random-walk purpose, but it gives the agent access to private note data when invoked.
curl -X POST "https://flomoapp.com/mcp" ... "method":"tools/call","params":{"name":"get_daily_review"
Use only with a trusted, user-owned Flomo token and verify the account and requested actions before running the walk.
Future sessions or anyone with access to the memory file may see which notes and tags were explored.
The skill persists walk history containing note IDs and tags. This is disclosed and related to the feature, but it stores private-note metadata for later reuse.
Logged to `memory/flomo-random-walk-history.json` ... "path": ["id1", "id2", "id3"], "start_tag": "Resource/AI", "end_tag": "Project/出海"
Make history storage optional, document retention and deletion, and avoid storing full note content or unnecessary identifiers.
