UseMemos
v1.0.3Interact with UseMemos instance — a lightweight, self-hosted memo hub. Create, search, list memos and upload attachments.
⭐ 0· 482·0 current·0 all-time
byMinde@minstn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included scripts and API reference. Required binaries (python3) and required env vars (USEMEMOS_URL, USEMEMOS_TOKEN) are exactly what a UseMemos client needs.
Instruction Scope
SKILL.md and scripts are focused on UseMemos API calls (create/list/search memos, upload/link attachments, comments). The scripts auto-load a .env from the skill directory, and the upload scripts read arbitrary file paths you pass and POST their base64 content to the configured USEMEMOS_URL. That's expected for an 'upload' feature, but it means the skill can be used to transmit any local file you tell it to — be cautious about giving it access to sensitive files.
Install Mechanism
Instruction-only skill with included Python scripts; there is no package download or extract step. No external install URLs or third-party package installs present.
Credentials
Only USEMEMOS_URL and USEMEMOS_TOKEN are required and the primaryEnv is USEMEMOS_TOKEN — this is proportional. Note: the recommended setup stores the token in a plaintext .env file inside the skill directory (loaded automatically), so token storage and file permissions are worth reviewing.
Persistence & Privilege
always is false and the skill does not request system-wide privileges or modify other skill configurations. It runs as a normal, user-invokable skill and only requires standard runtime presence (python3).
Assessment
This skill appears to be a straightforward client for a UseMemos instance. Before installing: (1) ensure you point USEMEMOS_URL to a trusted UseMemos server; (2) treat USEMEMOS_TOKEN as a secret — storing it in skills/usememos/.env is plaintext, so use file permissions or a short-lived token where possible and rotate tokens regularly; (3) the upload scripts will transmit any file path you pass them to the configured server, so avoid calling them (or allow the agent to call them) with sensitive local file paths; (4) if you are concerned about autonomous agent behavior, restrict or disable autonomous invocation for agents with broad local filesystem access or use a token with limited scope/expiration.Like a lobster shell, security has layers — review code before you run it.
latestvk97270x1hd448axncdm99szmms845652
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython3
EnvUSEMEMOS_URL, USEMEMOS_TOKEN
Primary envUSEMEMOS_TOKEN