PDF 转 GetNotes

This skill performs the expected PDF → images → upload → create-note flow, but note these issues before installing: - Credentials & config are not declared: The script reads GetNotes credentials from ~/.openclaw/openclaw.json, yet the registry lists no required env vars or config paths. Expect to provide sensitive API credentials in that file if you use it. - Embedded API key in docs: references/full_sop.md includes an apparent API key and client ID. Treat those as secrets; if they are live, they should be rotated and removed from the package. Do not assume those values are safe to keep. - Data exfiltration risk: PDF pages (your document contents) are uploaded to openapi.biji.com. Only run this on non-sensitive documents or after confirming the service's privacy/security stance. - Testing recommendation: Audit the included script (scripts/run_pdf_to_getnote.py) locally, test with a throwaway PDF and a dedicated/limited GetNotes API key, and verify that the credentials the skill reads are the ones you expect. - Remediation suggestions: Ask the publisher to (1) declare required config paths/env vars in the registry metadata, (2) remove any hard-coded credentials from documentation, and (3) make credential input explicit (e.g., instruct user to provide keys rather than embedding them). If you cannot validate these fixes, treat the skill as untrusted and avoid giving it real credentials or sensitive PDFs.