ClawHub

笔记同步助手

v1.0.3

当用户想保存文章/链接到笔记库、搜索已保存的文章、或配置 API 密钥时触发。触发词:「保存」「存一下」「收藏」(save),「保存链接」「抓这个链接」「帮我抓取」或只发了一个 URL(link),「搜文章」「找找」「最近存了什么」(search),「配置笔记」「设置密钥」「连接笔记服务」(config)。也可直...

1· 125·0 current·0 all-time
by@notesynchelper
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match behavior: the skill is for saving/searching notes and configuring an API key. Optional env vars (NOTEHELPER_API_KEY, NOTEHELPER_BASE_URL) and a single config file (~/.openclaw/notehelper.json) are appropriate for that purpose; there are no unrelated credentials or binaries requested.
Instruction Scope
SKILL.md instructs the agent to extract article fields from user input and POST them to the declared service, and to poll a task status endpoint every 15s for link processing. This is expected for a note-syncer. Note: the skill will transmit the user's article text/URL/keywords to the remote service (which is necessary for function) — users should expect that content leaves their device.
Install Mechanism
Instruction-only skill with no install spec and no bundled code. Nothing is written to disk by the skill itself except when the user explicitly runs the provided config steps to save the key.
Credentials
No required secret environment variables are forced; NOTEHELPER_API_KEY is optional/expected. The config file location and instructions for exporting the key are proportional to the stated functionality. No unrelated credentials or config paths are requested.
Persistence & Privilege
always is false; the skill does not request elevated platform presence. It suggests writing the API key to its own config file (~/.openclaw/notehelper.json), which is within scope for this skill and does not modify other skills or global shell configs.
Assessment
This skill appears coherent for syncing notes, but it will send any article text/URL/keywords you save to the remote service (https://claw.notebooksyncer.com). Before installing or using it: 1) Confirm you trust the service and its privacy policy; 2) If you store the API key on disk, check file permissions (chmod 600) or prefer exporting NOTEHELPER_API_KEY only for the session; 3) Avoid saving highly sensitive secrets or credentials inside notes you sync; 4) If you get the key via the QR/WeChat flow, ensure that process is legitimate; 5) Consider creating a scoped/revocable API key if the service supports it and revoke it if compromised. Overall the configuration and network access requested match the described purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk972jqggxekkpsn3773wqv1xbn84gfm1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments