Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Flomo to Obsidian Sync Tool
v2.0.0 · Parse and sync flomo exported HTML data to Obsidian vault with attachment support. Supports one-time manual export conversion and automatic sync. Use when us...
⭐ 0 · 221 · 0 current · 0 all-time
by 月开 (@perseveringman)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Functionality (HTML→Markdown conversion, Playwright-driven export, attachment copying, cron/scheduled tasks) matches the name/description. It legitimately needs Flomo credentials for fully automated 'password mode' and filesystem access to the Obsidian vault. Minor inconsistency: registry metadata lists no required env vars while the runtime docs instruct creating a .env with FLOMO_EMAIL/FLOMO_PASSWORD or exporting env vars; the code bundle included indicates this skill is not purely 'instruction-only'.
Instruction Scope
SKILL.md and other docs explicitly instruct the agent to prompt the user in-chat for Flomo login credentials and Obsidian paths, to create/write a .env file, to open a browser session and persist browser data (flomo_browser_data), and to create cron/scheduled tasks. These actions are within the tool's stated purpose but carry sensitive scope (credential collection via conversation, writing secrets to disk, creating scheduled tasks) that increases risk if the agent or environment mishandles data or transmits it externally. The instructions assume the agent will run local shell scripts and use MCP to create scheduled tasks—both grant the skill broad ability to modify the host environment.
Install Mechanism
No formal install spec in registry (declared 'instruction-only'), but the skill package includes many scripts and Python code. Dependencies are installed via pip and Playwright; Playwright will download a Chromium binary (expected for browser automation). There are no obscure or external binary download URLs in the provided docs, but running setup.sh/./sync.sh/Playwright will write files and download Chromium to the host—this is expected but worth noting.
Credentials
The skill asks for FLOMO_EMAIL and FLOMO_PASSWORD in practice (creating .env, env var options, or interactive chat prompts) even though the registry lists no required env vars—this mismatch should be noted. Requesting the Flomo password is proportionate for a fully automated mode, but collecting it via agent conversation and storing it locally (.env) is sensitive. The docs claim passwords will be encrypted/local-only, but that is an implementation claim you should verify before trusting.
Persistence & Privilege
The skill does not set always:true and does not appear to modify other skills. It does write persistent state locally (.env, flomo_browser_data, .flomo_sync_state.json, download directories) and provides instructions to create cron jobs or scheduled tasks. That persistence is consistent with its stated goal (automated periodic sync) but increases the blast radius if credentials or files are exposed or if the scheduled task runs in an environment you don't control.
What to consider before installing
Things to consider before installing and using this skill:
- Credential handling: The skill documents two modes. Use 'safe mode' (browser-login session) when possible — it avoids storing your password. If you choose 'password mode', the skill asks you (via chat) for your Flomo credentials and writes them to a local .env file. Only proceed if you trust the agent and host environment; prefer entering credentials directly on your machine rather than pasting them into a remote/unknown agent UI.
- Review files locally: The package contains Python scripts (auto_sync.py, convert_v2.py, etc.), shell scripts, and a clean_personal_data.sh. Inspect those scripts yourself (or run them in an isolated container/VM) to confirm there is no unexpected network upload or exfiltration beyond interacting with flomo's web UI.
- Storage & permissions: If you use password mode, set strict permissions (chmod 600 .env) and verify .env is in .gitignore. Check for flomo_browser_data and any downloaded exports; remove them if not needed.
- Scheduled tasks: The skill shows how to create cron jobs / use OpenClaw's scheduled_task_create. Creating persistent scheduled tasks is expected for automation but ensure the command executed by the job is safe and runs under the intended user account.
- Playwright/Chromium: The sync process requires Playwright and will download a Chromium browser; be prepared for that download and run-time footprint.
- Minimal privilege deployment: If you have doubts, run initial tests manually (one-time export + convert) rather than enabling full automation. Consider running automated mode inside a throwaway VM or container with limited network/credentials.
- Verify claims: The docs state passwords/local data are not uploaded. If that guarantee matters to you, search the code for outbound network calls beyond connecting to flomo (e.g., non-flomo endpoints) before trusting automation.
If you want, I can: (1) scan the Python scripts for network calls or suspicious patterns, (2) produce a short checklist of the exact files to inspect or whitelist, or (3) suggest a safe sequence of manual steps that avoids storing passwords.
Like a lobster shell, security has layers — review code before you run it.
latest: vk9724k7n962zj0kkjkwdzs05jn82qtvk