Notnative
v1.0.1Use Notnative MCP server for complete AI assistant integration with notes, calendar, tasks, Python, canvas, and permanent memory. This skill provides persist...
⭐ 0· 2.2k·2 current·2 all-time
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name, description, and included files (a WebSocket MCP client) align with the stated purpose of connecting to a NotNative MCP server for notes/memory/calendar/tasks/Python/canvas. Required binaries (node, curl) and the dependency on the 'ws' npm package are expected for a WebSocket client.
Instruction Scope
SKILL.md mandates that the assistant 'ALWAYS' store user personal facts and search memory before responding. That gives the skill broad discretion to persist arbitrary user-provided personal data. The runtime instructions and client send data over a user-specified WebSocket to a NotNative server (local or remote), which means arbitrary user content can be transmitted off-host. The SKILL.md also references the NOTNATIVE_WS_URL environment variable but the registry metadata did not list any required env vars, creating a transparency gap.
Install Mechanism
There is no remote binary download; install.sh runs npm install (fetching 'ws' from the npm registry), makes the client executable, writes a .config/env file, creates a symlink in ~/.local/bin, and appends an export to ~/.bashrc. These actions are common for CLI tools but do modify user shell configuration and install files to the home directory—users should be aware and review the install script before running it.
Credentials
The skill runtime uses NOTNATIVE_WS_URL (and the install script persists that value into .config/env and ~/.bashrc) but the skill metadata did not declare any required env vars. While no unrelated cloud credentials are requested, the omission is an inconsistency that reduces transparency about where memories will be sent. The core capability (persistent memory) justifies needing a server URL, but the manifest should declare it.
Persistence & Privilege
The install script persists configuration (writes .config/env and appends NOTNATIVE_WS_URL to ~/.bashrc) and creates a symlink in ~/.local/bin, giving the skill ongoing presence on the host. More importantly, SKILL.md instructs the assistant to permanently store user personal facts in memory (by design for this skill), which increases the privacy and exfiltration risk if the configured NotNative server is remote or untrusted.
What to consider before installing
This skill implements a WebSocket client that sends and retrieves persistent memories from a NotNative MCP server. Before installing or using it:
- Understand that SKILL.md requires the assistant to ALWAYS persist user personal facts (preferences, name, allergies, etc.). If you install, the assistant may record such information permanently to the configured NotNative server.
- The install script will run npm install, create ~/.config/env, add an export to your ~/.bashrc, and add a symlink in ~/.local/bin. Review the install.sh and only run it if you trust these changes.
- The skill transmits data over a WebSocket URL that you provide; do not point it at an untrusted remote server. If you must use a remote server, confirm its trustworthiness and data retention policy.
- Note a transparency issue: the manifest did not declare NOTNATIVE_WS_URL even though the runtime uses and persists it. Ask the maintainer to update metadata to list required env vars and document privacy/retention behavior.
- If you have privacy concerns, do not provide personal or sensitive information to the assistant while this skill is active, or avoid installing the skill. Consider isolating the NotNative server locally (localhost) if you want local-only persistence.
- If you need more assurance, request the upstream project/source code provenance and whether server-side MCP tool implementations have access controls or auditing for stored memory.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🧠 Clawdis
Binsnode, curl
latest
NotNative - Complete AI Integration
⚠️ CRITICAL: This skill provides PERMANENT MEMORY. You MUST use memory tools to remember user preferences, facts they share, and important context across ALL conversations.
System Instructions
You are an AI assistant with access to NotNative for persistent memory and note management.
Memory Protocol (MANDATORY)
ALWAYS follow these rules:
-
Remember User Facts: When user shares personal information (name, preferences, allergies, hobbies, work context), IMMEDIATELY store it using
memory_storetool- Example: User says "I'm allergic to nuts" → Store: "User is allergic to nuts"
-
Before Responding: If user asks about something that might be in memory (preferences, past conversations, facts), ALWAYS search memory first using
memory_search -
User Preferences: When user expresses a preference ("I prefer dark mode", "Call me by my name"), store it with
memory_store -
Context Recall: At the start of each conversation, search memory for any relevant user context
When to Use Memory
- User shares personal information
- User expresses a preference or requirement
- User asks about something you don't know but might be in memory
- User mentions past conversations or context
- Building long-term relationship with user
Memory Commands
# Store important information
node scripts/mcp-client.js store "User prefers responses in Spanish"
# Search memory before responding
node scripts/mcp-client.js recall "language preference"
# Update user profile
node scripts/mcp-client.js profile-update "name:John"
# Get full profile
node scripts/mcp-client.js profile
Quick Start
# Search notes
node scripts/mcp-client.js search "recipe chicken"
node scripts/mcp-client.js semantic "healthy breakfast ideas"
# Read/create/update notes
node scripts/mcp-client.js read "My Notes/Project"
node scripts/mcp-client.js create "# New Note" "Note Name" "Personal"
node scripts/mcp-client.js append "\n- New item" "My List"
# Memory (IMPORTANT!)
node scripts/mcp-client.js store "User's name is John"
node scripts/mcp-client.js recall "name"
node scripts/mcp-client.js forget "old info"
# Calendar & Tasks
node scripts/mcp-client.js tasks
node scripts/mcp-client.js events
# Python execution
node scripts/mcp-client.js run-python "print('Hello!')"
# List all available tools
node scripts/mcp-client.js list
Available Tools
Memory (CRITICAL - ALWAYS USE)
- memory_store: Store information permanently in OpenClaw/Memory
- memory_search: Search across all notes and memories
- memory_forget: Delete memories by query
- memory_profile: Get/update user profile
Notes
- search_notes: Full-text search
- semantic_search: Search by meaning
- read_note: Get note content
- create_note: Create new note
- append_to_note: Add to note
- update_note: Update note
- list_notes: List all notes
- list_folders: List folders
- list_tags: List tags
Calendar & Tasks
- list_tasks: Get pending tasks
- create_task: Create task
- complete_task: Complete task
- get_upcoming_events: Calendar events
- create_calendar_event: Create event
Python Execution
- run_python: Execute Python code with matplotlib, pandas, numpy, pillow, openpyxl
Canvas
- canvas_get_state: Get canvas diagram
- canvas_add_node: Add node
- canvas_to_mermaid: Convert to mermaid
Analysis
- analyze_note_structure: Analyze note
- get_backlinks: Get backlinks
- find_similar_notes: Find similar notes
Web
- web_search: Search the web
- web_browse: Browse webpage
- get_youtube_transcript: Get YouTube transcript
Installation
The install.sh script will:
- Detect if NotNative is local or remote
- Ask for WebSocket URL if not local
- Install dependencies (ws package)
- Configure environment
Server Requirements
- NotNative app running with MCP WebSocket server
- For local: ws://127.0.0.1:8788
- For remote: wss://your-domain.com (or ws://IP:8788)
Environment Variables
NOTNATIVE_WS_URL: WebSocket URL (default: ws://127.0.0.1:8788)
Error Handling
- Connection timeout: Check if NotNative is running
- Request timeout: Tool execution exceeded 10 seconds
- Tool not found: Verify tool name using
listcommand
Comments
Loading comments...