ClawHub

Zettelkasten - 卡片笔记

v1.0.0

Zettelkasten - Card box note taking system with AI insights

1· 1.8k·5 current·5 all-time
by@rainy-cogmet
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the Python implementation align: idea capture, tag generation, AI insights, connection detection and daily review are implemented locally. No unrelated services or credentials are declared or required.
Instruction Scope
SKILL.md runtime instructions are scoped to recording ideas and producing cards. The included files contain a publish.sh that, if executed, reads ~/.clawhub/credentials and POSTs an archive to api.clawhub.com — this is a developer/publish helper outside normal runtime but is present in the bundle and could access a local credentials file if run.
Install Mechanism
There is no remote install spec; install.sh simply copies files into ~/.openclaw/skills/zettelkasten. No downloads from external or untrusted URLs, no extracted archives fetched at install time.
Credentials
The skill declares no required env vars or credentials. However publish.sh implicitly reads ~/.clawhub/credentials for an Authorization bearer token when invoked — this path/credential is not declared in the manifest and only matters if the publish script is run.
Persistence & Privilege
Skill is not always-enabled and does not request elevated privileges. install.sh writes files to the user's ~/.openclaw/skills directory (expected). The runtime Python writes a per-user JSON DB file (zettelkasten_{user}_db.json) in the working directory — normal for a local note-taking tool.
Assessment
This skill appears to do what it says: a local Zettelkasten note tool implemented in Python. Before installing or running anything, review the included scripts: install.sh will copy the Python and SKILL.md into ~/.openclaw/skills (normal), and zettelkasten.py will create a local JSON database file per user. The only noteworthy file is publish.sh — it attempts to read ~/.clawhub/credentials and upload an archive to api.clawhub.com if you execute it. That publish script is a publishing helper (not needed for normal use) but could expose or use your Clawhub token if you run it. Recommendation: inspect the files yourself, run the Python code in a sandbox or with limited permissions, and do not run publish.sh unless you intend to publish and trust the environment. If you want extra assurance, run the code in a disposable environment or review the source lines that handle file writes and network calls (publish.sh is the only file with a network call).

Like a lobster shell, security has layers — review code before you run it.

latestvk973ts528gpmd0wavcfax30rws80jya9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📝 Clawdis
OSmacOS · Linux · Windows

Comments