passnote-skill

v1.0.3

Create and manage disposable memos using PassNote. Share secure, auto-destructing notes with others.

⭐ 0· 113·0 current·0 all-time

by@shiweifu

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for shiweifu/passnote.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "passnote-skill" (shiweifu/passnote) from ClawHub.
Skill page: https://clawhub.ai/shiweifu/passnote
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: PASSNOTE_API_URL, PASSNOTE_API_TOKEN
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install passnote

ClawHub CLI

Package manager switcher

npx clawhub@latest install passnote

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The skill's name/description (PassNote disposable memos) matches the provided script and SKILL.md: the script sends memo content to a PassNote API and returns a passcode/link. However, the registry metadata at the top claims 'Required env vars: none' while SKILL.md and the script clearly require PASSNOTE_API_URL and PASSNOTE_API_TOKEN. This metadata mismatch is incoherent and should be corrected.

✓

Instruction Scope

SKILL.md instructs the agent to run the included Python script and to store PASSNOTE_API_URL and PASSNOTE_API_TOKEN in ~/.openclaw/openclaw.json. The script only reads those environment variables and posts the memo to the configured API endpoint. It does not attempt to read other files, credentials, or system state beyond the declared env vars.

✓

Install Mechanism

No install spec or external downloads are included; this is an instruction-only skill that includes a small local Python script. Nothing is written to disk by an installer and there are no remote code fetches in the provided files.

ℹ

Credentials

The script legitimately needs a PASSNOTE_API_URL and a PASSNOTE_API_TOKEN to operate; those are proportionate to the purpose. The incoherence is that the registry metadata lists no required env vars while SKILL.md and the script require them. Also note the script prints the passcode and view link to stdout (so logs or command history could capture secrets), which is expected for this use case but worth awareness.

✓

Persistence & Privilege

The skill does not request elevated persistence (always:false) and does not modify other skills or system-wide settings. It runs a local script and relies on environment variables managed by the platform; autonomous invocation is allowed (platform default) but not combined with other concerning privileges.

What to consider before installing

This skill appears to do what it says (post memo content to your PassNote service and return a passcode/link), but verify a few things before installing: - Fix or confirm the metadata: the registry metadata incorrectly lists no required env vars, but the SKILL.md and script require PASSNOTE_API_URL and PASSNOTE_API_TOKEN. Ensure your platform will provide those env vars. - Only provide a token scoped for this purpose. Create a dedicated, minimal-permission API token on your PassNote instance rather than using an admin/global token. - Confirm the PASSNOTE_API_URL value is a service you control or trust. The script will send whatever content you provide to that URL; do not point it to an untrusted endpoint. - Be aware the script prints the passcode and link to stdout. Those outputs could be captured in logs or command history; treat them as sensitive and avoid putting secrets in shared logs. - If you have concerns, run the script locally (with a test token and test data or against localhost) to observe its network calls and responses before enabling agent automation. If these checks are acceptable, the skill itself is coherent with its stated purpose; the main issues are metadata accuracy and usual token/endpoint trust considerations.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Environment variables

PASSNOTE_API_URLrequired

PASSNOTE_API_TOKENrequired

latestvk97bjpbkbgyczje90cn67jjjbs83vz90

113downloads

0stars

3versions

Updated 4w ago

v1.0.3

MIT-0

When the user wants to create a memo, note, or secure message to share, you can use the PassNote service to generate a secure, temporary link.

Features of PassNote:

Memos are securely stored and by default auto-destruct after 24 hours.
A passcode (pass_key) is required to view the memo.
You will receive a unique link and passcode after successful creation.

Setup Instructions for User

To use this skill, you must configure your PassNote API Token.

Log in to your PassNote web portal.
Navigate to the API Tokens page and create a new token.
Edit your ~/.openclaw/openclaw.json to include the credentials:

{
  "skills": {
    "entries": {
      "passnote": {
        "env": {
          "PASSNOTE_API_URL": "https://passnote.yourdomain.com",
          "PASSNOTE_API_TOKEN": "your-api-token-here"
        }
      }
    }
  }
}

How to use the tools

To create a memo, execute the provided Python script located in this skill's directory. Always use absolute paths when running the script. The script path is {baseDir}/scripts/create_memo.py.

Example invocation:

# Basic usage
python3 {baseDir}/scripts/create_memo.py "This is a secret message"

# Set custom expiration (in hours, max 48)
python3 {baseDir}/scripts/create_memo.py "This is a secret message" --expire-hours 12

After running the command, parse the standard output to provide the user with the generated viewing URL and the 4-digit passcode (pass_key). The script will output these details in a clear format. If the script fails, relay the error message to the user.

Comments

Loading comments...