Zettelkasten - 卡片笔记
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: zettelkasten
Version: 1.0.0
The skill bundle implements a Zettelkasten note-taking system. The `install.sh` script performs standard file copying to the local skill directory. The `zettelkasten.py` script handles note creation, tagging, and AI-like insights using local file storage and string processing, without any network calls or dangerous system commands. The `publish.sh` script reads `~/.clawhub/credentials` to authenticate with `api.clawhub.com` for publishing the skill, which is its intended and legitimate purpose, not a general credential exfiltration. No prompt injection attempts against the agent were found in `SKILL.md` or the Python code.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this script is run manually or by an agent, private files in the current folder could be uploaded as part of a skill archive.
The bundled script archives the entire current directory and uploads it to a remote API. That broad upload path is unrelated to the note-taking skill and could include unintended files if the script is run from the wrong directory.
tar -czf zettelkasten-1.0.0.tar.gz . ... curl -X POST "https://api.clawhub.com/v1/skills" ... -F "archive=@zettelkasten-1.0.0.tar.gz"
Do not run publish.sh unless you are intentionally publishing the package. The publisher should use an explicit file list and exclude generated note databases, credentials, and unrelated files.
Running the script would use your ClawHub account authority to publish or upload content.
The script reads a local ClawHub bearer credential, even though the skill metadata declares no primary credential and credential access is not needed for the stated note-taking purpose.
-H "Authorization: Bearer $(cat ~/.clawhub/credentials)"
Remove publish.sh from user-installed packages, or clearly document it as a developer-only tool requiring explicit approval and a narrowly scoped token.
Ideas you enter can be saved locally and resurfaced in future reviews or connection suggestions.
The skill persists user cards in a local JSON database for later connection detection and daily review, which is expected for a notes system but means entered content is retained.
self.db_file = f"zettelkasten_{self.user_id}_db.json" ... json.dump(self.cards, f, ensure_ascii=False, indent=2)
Avoid entering secrets unless you are comfortable storing them locally, and know where the JSON database is created so you can back it up or delete it.
