SiYuan Note Enhanced Edition

Advisory. Audited by static analysis on May 6, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If this script is run, it will send an authorization token to a hard-coded SiYuan server address and may operate against the wrong notebook environment.

Why it was flagged

The source contains a real-looking SiYuan API token and fixed private-network endpoint, despite the documented credential path being SIYUAN_API_TOKEN or user config.

Skill content

```python
# Excerpt from the skill source: the hard-coded private-network endpoint and token flagged above.
API_URL = "http://192.168.1.6:6811"
TOKEN = "xz1eblvxst0zqcpm"
headers = {
    'Authorization': f'Token {TOKEN}',
}
```

Recommendation

Remove hard-coded tokens and private API URLs from the package; read credentials only from the documented environment variable or user-owned config.

What this means

The agent can add or change notes in the connected SiYuan workspace when asked to use these features.

Why it was flagged

The skill can create documents, append content, and sync conversations into SiYuan; these are disclosed and central to the skill, but they mutate persistent user data.

Skill content

- `create_document(notebook_name, document_name, content)` - Create a new document
- `append_to_document(document_id, content)` - Append content to a document
- `sync_conversation(conversation_data, notebook_name="其他", document_name="openchat")` - Sync a conversation

Recommendation

Confirm the target notebook, document name, and content before write/sync operations, especially for bulk or automated syncs.

What this means

Private conversation content may be saved into the user's note database and remain available after the current session.

Why it was flagged

The skill is designed to store OpenClaw conversations in SiYuan, creating persistent records that may later be searched or reused.

Skill content

- ✅ **Conversation sync** - Sync OpenClaw conversations to SiYuan Note

Recommendation

Avoid syncing sensitive conversations unless you want them stored in SiYuan; consider using a dedicated notebook or document for agent-generated records.

What this means

Users must install an external Python package themselves, and the exact version is not constrained by the skill artifacts.

Why it was flagged

The documentation asks for a manual, unpinned dependency installation while the install spec is absent; this is common for a Python integration but worth noticing.

Skill content

```shell
pip install requests
```

Recommendation

Install dependencies from trusted package indexes and consider pinning a known-good requests version in local environments.