Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Daily Notes
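v1.2.0
Daily notes that record anything you want to write down: whimsical ideas, fragments of inspiration, everyday reflections, ramblings, discoveries, and memos, with support for image attachments and multi-image association. Daily notes with image attachments and multi-image association support.
by Kazuya @kazuya-ecnu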
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description, data formats, and the provided agent.py are consistent with a local note-taking skill that stores notes and image attachments under ~/.openclaw/workspace/notes-data/. There are no unexpected external dependencies or credentials. However, the SKILL.md's proactive capture rule (recording 'any user message') goes beyond typical note-taking expectations and expands the stated purpose into always-on logging.
Instruction Scope
SKILL.md explicitly instructs the agent to treat any user message (unless it contains an explicit task intent) as worth recording and to automatically append such messages to notes.json. This grants the skill broad discretion to collect arbitrary user content, which can include sensitive data (passwords, private messages, PII) without explicit consent or confirmation. The instructions lack retention, encryption, or access-control guidance and leave ambiguity about when and how recording is triggered.
Install Mechanism
No install spec / downloads are present. The only code file (agent.py) is small and only reads/writes a JSON file under ~/.openclaw/workspace/notes-data/ and constructs image paths. No external network endpoints or third-party packages are installed. This is low-risk from an install-code sourcing perspective.
Credentials
The skill requests no environment variables, credentials, or external tokens—appropriate for a local notes tool. However, because the skill will store free-form user messages and image paths in plain JSON under the workspace, it can collect sensitive content without additional safeguards (encryption, ACLs).
Persistence & Privilege
always:false and no explicit persistence flags are requested, but the SKILL.md's proactive-capture rule combined with normal autonomous invocation (disable-model-invocation:false) means the agent could be invoked automatically and record user messages frequently. That combination effectively allows continuous local logging even though the skill did not request an 'always' privilege at registry level.
What to consider before installing
This skill implements a straightforward local note store, but its runtime policy to 'record any user message' is privacy-risky. Before installing, consider:
(1) Do you want the agent to automatically log all casual messages? That can capture passwords, private info, or other sensitive text.
(2) Ask the author or edit SKILL.md to require explicit user confirmation/command before recording (e.g., only save when user says '记一下' or 'record this'), or at minimum limit triggers.
(3) Ensure stored data is acceptable to keep in plaintext under ~/.openclaw/workspace/notes-data/ (or add encryption/backups and a clear retention/deletion policy).
(4) If you will allow autonomous invocation, be aware it can run without manual approval and produce continuous logs; consider disabling autonomous invocation for this skill.
(5) Verify image handling (where images are stored, size limits, and deletion behavior) and manually inspect notes.json after first runs.
If you cannot modify the SKILL.md or trust the skill's behavior, do not install or only enable it in a confined/test environment.
Like a lobster shell, security has layers — review code before you run it.
