Alexandrie
v1.0.0
CRUD operations for Alexandrie, a self-hosted Markdown note-taking app. Create, read, update, delete and search notes via REST API.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (CRUD for Alexandrie) align with the included alexandrie.sh script and the SKILL.md API endpoints. However, the skill metadata declares no required environment variables or config paths while the script clearly depends on a password stored at /home/eth3rnit3/clawd/.env and a specific username; that mismatch is unexpected for a general-purpose skill.
Instruction Scope
The runtime instructions and script instruct the agent to source /home/eth3rnit3/clawd/.env for ALEXANDRIE_PASSWORD and to read/write /tmp files (/tmp/alexandrie_cookies.txt, /tmp/alexandrie_user_id). The SKILL.md and registry metadata do not declare those config paths or the required secret. The script only contacts the declared API domain and does not exfiltrate to other endpoints, but reading a user-specific .env is scope creep relative to the metadata.
Install Mechanism
There is no install spec (instruction-only plus a shell script). That minimizes install-time risk because nothing arbitrary is being downloaded or extracted during install.
Credentials
The skill needs a password (ALEXANDRIE_PASSWORD) but requires no env vars in its metadata; instead it sources a hardcoded /home/eth3rnit3/clawd/.env path. It also implicitly requires curl and jq on PATH, but the required binaries list is empty. Asking to read a user-specific .env (which may contain other secrets) is disproportionate and should be declared and justified.
Persistence & Privilege
The skill is not always:true and does not request persistent system-wide privileges. It writes only local temporary files (/tmp) and a user-specific token file, and does not attempt to modify other skills or global agent config.
What to consider before installing
This skill appears to be a straightforward CLI client for a self-hosted Alexandrie instance, but it has important inconsistencies you should address before installing:
1) The script expects ALEXANDRIE_PASSWORD to be stored in /home/eth3rnit3/clawd/.env (a user-specific path) even though the skill metadata declares no config paths or env vars — verify you are comfortable allowing the skill to source that file or change the skill to accept the password via an explicitly-declared environment variable.
2) The script uses curl and jq but the metadata does not declare these dependencies — ensure those binaries are available and come from trusted sources.
3) Confirm you trust the API endpoints (api-notes.eth3rnit3.org) and the skill author since there is no homepage or known source.
If you need higher assurance, ask the publisher to (a) declare required env vars (ALEXANDRIE_PASSWORD) and config paths, (b) avoid hardcoded /home paths (use a configurable path or env var), and (c) provide a canonical source/homepage or signed release. If you install anyway, consider checking the /home/eth3rnit3/clawd/.env contents and rotating any secrets that were exposed during testing.
Like a lobster shell, security has layers — review code before you run it.
latest
Alexandrie Skill
Interact with Alexandrie note-taking app at https://notes.eth3rnit3.org
Configuration
- API URL: https://api-notes.eth3rnit3.org/api
- Frontend: https://notes.eth3rnit3.org
- Username: eth3rnit3
- User ID: 671423603690045441
- Password: Stored in /home/eth3rnit3/clawd/.env as ALEXANDRIE_PASSWORD
Usage
Use the alexandrie.sh script for all operations:
/home/eth3rnit3/clawd/skills/alexandrie/alexandrie.sh <command> [args]
Commands
Authentication
./alexandrie.sh login # Login and get token
./alexandrie.sh logout # Logout
Notes (Nodes)
./alexandrie.sh list # List all notes/categories
./alexandrie.sh get <nodeId> # Get a specific note with content
./alexandrie.sh search <query> # Search notes
./alexandrie.sh create <name> [content] [parentId] # Create a note
./alexandrie.sh update <nodeId> <name> [content] # Update a note
./alexandrie.sh delete <nodeId> # Delete a note
Node Roles
- role: 1 = Category/Workspace (container)
- role: 3 = Document (note with content)
Current Structure
- 671425872858841091 - Perso (category)
- 671426069886271492 - Test (document)
Examples
List all notes
./alexandrie.sh login
./alexandrie.sh list
Read a note
./alexandrie.sh get 671426069886271492
# Returns: "Salut, ceci est un **test**"
Create a note
./alexandrie.sh create "My Note" "# Title\n\nContent here" 671425872858841091
Search
./alexandrie.sh search "test"
API Reference
Base URL: https://api-notes.eth3rnit3.org/api
Endpoints
- POST /auth - Login (body: {"username": "...", "password": "..."})
- POST /auth/logout - Logout
- GET /nodes/user/:userId - List user's nodes
- GET /nodes/:nodeId - Get node by ID (includes content)
- GET /nodes/search?q=query - Search nodes
- POST /nodes - Create node
- PUT /nodes/:nodeId - Update node
- DELETE /nodes/:nodeId - Delete node
Authentication
JWT token stored in cookies after login (/tmp/alexandrie_cookies.txt).
