Share to GetNote

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill appears purpose-aligned: it parses user-provided ChatGPT/Gemini share links and saves extracted Q&A to GetNote after confirmation, but it runs a Playwright-based parser and relies on GetNote authorization.

Before installing, make sure you are comfortable running a Playwright/Chromium-based parser locally and saving the shared conversation contents into your GetNote account. Review the extracted notes before confirming the save step.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

First use may install Playwright and a Chromium browser, increasing local dependency and supply-chain exposure.

Why it was flagged

The skill discloses that running the parser may install third-party browser automation components. This is expected for parsing rendered share pages, but users should understand it can download and run external dependencies.

Skill content
The script automatically installs Playwright and Chromium the first time it runs.
Recommendation

Use uv and Playwright from trusted sources, and run the skill only in an environment where installing browser automation dependencies is acceptable.

ASI03: Identity and Privilege Abuse
Low
What this means

The agent can use the configured GetNote authorization to create notes in the user's account.

Why it was flagged

The skill relies on existing GetNote authorization to save notes. This is appropriate for the stated purpose, but the registry metadata does not declare required credentials or config paths.

Skill content
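Requires the getnote skill to be installed and authorized. To check: confirm that the environment variables `GETNOTE_API_KEY` and `GETNOTE_CLIENT_ID` are set, or that the `~/.openclaw/openclaw.json` configuration file exists.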
Recommendation

Confirm the GetNote skill is installed from a trusted source and only authorize the account where these imported notes should be saved.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Conversation text from the shared link may be copied into a third-party notes service.

Why it was flagged

Extracted conversation content is handed to another skill/provider for storage. This is the intended workflow and occurs after confirmation, but users should recognize that share-link content will be stored in GetNote.

Skill content
Call the getnote skill's `/note save` command to save the notes one at a time. For each note: title: the `title` field in the JSON; body: the `content` field in the JSON.
Recommendation

Review the extracted titles and content before confirming, especially if the shared conversation contains private or sensitive information.