Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Siyuan Note

v1.0.0

A local API helper for 思源笔记 (SiYuan Note). Used for local note operations such as reading and writing notebooks, documents and blocks, search, templates, and SQL queries. Trigger scenarios: the user mentions "思源笔记", "SiYuan", "help me create a document", "search notes", "query the database", and similar requests.

by 莫循 (@moxunjinmu)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description match the code and documentation: the SKILL.md, reference doc, and scripts all target the local SiYuan Note API (127.0.0.1:6806) and expose notebook/document/block/SQL operations as advertised.
Instruction Scope
Instructions stay within the stated domain (local SiYuan API calls). However the skill explicitly enables arbitrary SQL execution and shows examples of constructing SQL with direct string interpolation, which gives broad read/write access to the note database and can be used to exfiltrate or modify all notes. This is functionally consistent with the stated capability but is powerful and potentially dangerous if misused.
Install Mechanism
No install spec is provided (instruction-only), and included code is a small helper script that depends only on the widely used 'requests' library. There are no external downloads or obscure install steps.
Credentials
The script reads the SIYUAN_TOKEN environment variable and the SKILL.md shows Authorization: Token usage, but the skill metadata declares no required env vars or primary credential. That mismatch (code/instructions accessing a sensitive token while metadata doesn't list it) is an incoherence that could lead users to miss that a secret will be accessed. The token itself is appropriate for this integration, but it should be declared explicitly.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistence, and it does not attempt to modify other skills or system-wide configs. Default autonomous invocation is allowed (platform default) but is not combined with other broad privileges here.
What to consider before installing
This skill appears to be a legitimate SiYuan local-API helper, but consider the following before installing: (1) it expects and will use an API token (SIYUAN_TOKEN) even though the metadata doesn't declare it — treat that token as sensitive and confirm you want the skill/agent to have it; (2) the skill permits running arbitrary SQL against your local notes database (read and write) — review and restrict that capability if you don't want broad access or accidental data modification; (3) inspect the included scripts yourself (scripts/siyuan.py) to confirm behavior meets your expectations; and (4) if you proceed, prefer providing the token only when necessary, or require an explicit credential declaration/approval to reduce accidental token exposure.
