Flomo Send

v1.0.0

Send notes and memos to flomo (浮墨笔记) via URL Scheme with automatic webhook fallback. Use when user wants to save thoughts, links, ideas, or content to their flomo inbox. Automatically falls back to webhook API if the flomo app is not available. Supports hashtags and quick capture workflows on macOS. IMPORTANT: After installing this skill, run `./scripts/configure.sh` to set up your flomo PRO webhook for the best experience.

⭐ 0· 968·0 current·0 all-time

by@qiantao1001

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

Name/description claim 'URL Scheme with automatic webhook fallback' and sending notes to flomo; the provided scripts implement sending notes to the flomo webhook (https://flomoapp.com/iwh/...) which matches the stated purpose of sending notes. However README states URL Scheme was removed and the actual sending script only uses webhook API, so documentation vs capability mismatch exists.

Instruction Scope

SKILL.md and README instruct running ./scripts/configure.sh and using URL scheme examples (open "flomo://..."), but scripts/flomo_send.sh never attempts to open a URL-scheme or call the local app — it only reads a local .env or environment variables and posts to the flomo webhook. The configure script can also append exports to the user's shell rc file or create a local .env; that behavior is broad but logical for storing a webhook token. This mismatch between instructions and actual runtime behavior is a scope/incoherence concern.

✓

Install Mechanism

No install spec; skill is instruction + bundled scripts. No external downloads. The only files written by scripts are a local .env (created with chmod 600) or appended lines in the user's shell config if the user chooses option 2. No network installers or remote code fetch were observed.

ℹ

Credentials

The code legitimately uses FLOMO_WEBHOOK_URL or FLOMO_WEBHOOK_TOKEN for the webhook; manifest lists no required env vars (empty), which is a minor mismatch with the runtime expectation that one of these be set or configured. The requested credential is proportional (a single webhook token) and limited to flomo; however configure.sh may append the token to a shell rc file (potentially world-readable depending on user config), so users should consider storage location carefully.

✓

Persistence & Privilege

Skill does not request always:true or autonomous elevation. configure.sh creates a local .env in the skill directory (chmod 600) or appends an export to the user's shell config if chosen; writing to the user's shell rc is expected but should be highlighted to the user as a change to their profile.

What to consider before installing

This skill appears to be a small helper that posts notes to your flomo webhook. Before installing or running: - Expect to provide your FLOMO_WEBHOOK_URL or FLOMO_WEBHOOK_TOKEN; the runtime scripts require one of these even though the skill manifest does not list required env vars. You can run ./scripts/configure.sh to save the token. - Note the documentation is inconsistent: SKILL.md shows URL-scheme usage and fallback, README says URL-scheme removed, and scripts only implement webhook POSTs. Do not assume the skill will open your local flomo app — it currently posts to the webhook. - configure.sh can append an export to your shell config (~/.zshrc or ~/.bashrc) if you choose option 2. That modifies your shell profile; prefer the default local .env (the script sets it to permission 600) if you want to keep the token scoped to this skill. - Inspect scripts/configure.sh and scripts/flomo_send.sh yourself (they are short and readable). Verify where the token will be written and that the webhook URL is correct and points to flomoapp.com. - If you are unsure or want to be extra cautious, create the .env manually with FLOMO_WEBHOOK_TOKEN and run the send script in a controlled environment. If you need the URL-scheme behavior, do not rely on this skill — its code currently does not implement that path. If these caveats are acceptable and you trust the flomo webhook token, the skill's behavior is coherent with a webhook-based note sender; otherwise treat the inconsistencies as a reason to hold off or request an updated/cleaned version.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bzv6b0cjgd2sfdt71d3ervh80sxah

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Flomo Send

License

Comments