Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ima Notes Toolkit

v1.0.0

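A unified IMA OpenAPI skill that supports note management and knowledge-base operations. Use this skill when the user mentions a knowledge base, document repository, notes, memos or jottings, or wants to upload files, add web pages to a knowledge base, search knowledge-base content, or search/browse/create/edit notes. Even if the user does not explicitly say "knowledge base" or "notes", as long as the intent involves uploading files to a knowledge base, bookmarking web pages, knowledge search, personal document storage and retrieval...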

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
Name/description and requested env vars (IMA_OPENAPI_CLIENTID, IMA_OPENAPI_APIKEY) align with an IMA OpenAPI notes/knowledge-base integration. However several included scripts probe for credentials in unexpected locations (e.g., a hard-coded path under ~/.workbuddy/skills/ima笔记/.../.env) which is unrelated to the stated purpose and not declared in the manifest; this cross-skill/config probing is disproportionate.
! Instruction Scope
SKILL.md states credentials are sent only to ima.qq.com and never logged/stored. Several included scripts (notes/scripts/debug_cred.js, debug_search*.js, ima-search-outline.js) read credentials from env or config files and the debug script explicitly console.logs values and paths, contradicting the 'no logging' claim. The code also attempts to read other skill config paths (.workbuddy/skills/...) which is out-of-scope for an API client and grants the skill broad read access to user files.
Install Mechanism
No install spec (instruction-only) — lowest install risk. The package includes helper scripts (node .cjs/.js) but nothing is downloaded from remote URLs or installed automatically during skill installation.
! Credentials
Required env vars (Client ID + API Key) are appropriate. But the code also reads credentials from disk locations (~/.config/ima/client_id, ~/.config/ima/api_key) and from a third path under .workbuddy/skills, which is not declared and potentially accesses other skills' config. The debug script prints credential values to stdout, risking local leakage. This extends the credential footprint beyond the minimal necessary and contradicts the SKILL.md's claim about not logging/storing credentials.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and contains no installation routine that makes it persistently privileged. However some scripts will read local files when invoked; this is runtime file access, not permanent privilege escalation.
What to consider before installing
This skill appears to implement the advertised IMA notes and knowledge-base flows, but exercise caution before installing:
1) The SKILL.md claims credentials are never logged/stored, yet debug_cred.js prints env and config file contents (including client id) to stdout — remove or audit debug scripts before use.
2) Several scripts attempt to read ~/.config/ima and also an unexpected path under ~/.workbuddy/skills/ima笔记/.../.env — the latter is unrelated to the skill and could cause cross-skill credential reads.
3) Prefer providing credentials via environment variables (not files) or inspect/remove file-reading code if you must store creds on disk.
4) If you do not trust the source (owner/slug unknown, source 'unknown'), do not install without vetting — ask the publisher to remove credential-logging and any hard-coded cross-skill paths, or ask for a minimal version without debug utilities.
5) If you still want to try it, run in an isolated environment (sandbox or throwaway user account) and ensure no sensitive credentials are present in the file locations the scripts probe.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔧 Clawdis
Env: IMA_OPENAPI_CLIENTID, IMA_OPENAPI_APIKEY
Primary env: IMA_OPENAPI_CLIENTID