ClawHub

Write OpenNote

v1.0.0

Write, update, and read OpenNote notes through the public API. Use when the user wants to publish notes, upload note images, manage labels, or look up previo...

0· 34·0 current·0 all-time
by@liam-duan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Write OpenNote) matches the declared requirements: curl and an OPENNOTE_API_TOKEN are exactly what a client for the OpenNote public API needs. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
The SKILL.md instructs the agent to read and write two local files under .opennote/ (.opennote/opennote-labels-cache.json and .opennote/opennote-history.json) and to always read them at the start of every invocation. This is coherent with caching/history functionality but has privacy implications: the history file is described as a log of all notes written/edited via the skill and the agent will read it automatically even if the user doesn't explicitly request history lookup.
Install Mechanism
No install step is provided (instruction-only skill). This minimizes risk since nothing external is downloaded or written by an installer.
Credentials
Only a single environment variable is required: OPENNOTE_API_TOKEN (the declared primary credential). That matches the described API access needs and is proportionate. The SKILL.md only references this variable for Authorization headers.
Persistence & Privilege
The skill persists state in the agent's working directory (.opennote/). It does not request elevated platform privileges or always:true behavior. Still, local persistence of note content/history is a non-trivial privilege — users should know that note contents will be stored on disk and read automatically on each run.
Assessment
This skill is coherent with its stated purpose, but before installing consider: 1) It needs your OpenNote PAT (OPENNOTE_API_TOKEN) and will use it to create/update notes — only grant a token with the minimal scopes you need and revoke it if compromised. 2) The skill writes and reads .opennote/opennote-history.json and the labels cache in your working directory; those files will contain or reference your note contents and are read automatically at each invocation, so store them where you expect and don't share them. 3) If you want to avoid local persistence, run the skill in an isolated directory or remove/inspect the .opennote/ files after use. 4) The skill uses curl and the official api.opennote.cc endpoint — verify that matches your expectations. If any behavior (automatic history reads, random label selection) is surprising, ask the developer to change the defaults before using the skill with sensitive content.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bq9j7kgk98xjfgzs90awph183z34x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binscurl
EnvOPENNOTE_API_TOKEN
Primary envOPENNOTE_API_TOKEN

Comments