ClawHub

Quicknote

v1.0.4

Lightning-fast note-taking tool. Capture thoughts instantly, pin important notes, search across all entries, and export to markdown. Zero config, local stora...

0· 233·0 current·0 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and included script all implement a local note-taking tool that writes log files under $HOME/.local/share/quicknote. The scope of requested resources (local files only) matches the stated purpose.
Instruction Scope
SKILL.md directs the agent to use quicknote commands; the provided script implements many note-related commands (add, search, export, status, etc.). There is a minor mismatch: SKILL.md's command list is shorter than the script's full command set (the script contains additional commands like plan, track, review, etc.), but all remain within note-taking/productivity functionality.
Install Mechanism
No install spec and no external downloads. The skill is instruction-plus-script only, so nothing is pulled from the network during install.
Credentials
The skill requires no environment variables or credentials. It writes to a per-user data directory under $HOME, which is appropriate for a local notes app.
Persistence & Privilege
always is false and the skill does not request elevated privileges or modify other skills or system-wide config. It only creates its own data under the user's home directory.
Assessment
This skill appears to be a straightforward local note tool. Before installing, review the included script (scripts/script.sh) yourself — it will create and write files under ~/.local/share/quicknote and log actions to history.log. There are no network calls or credential requests in the visible code. Note the SKILL.md command list is shorter than the script's implemented commands — that's not inherently malicious but you may want to inspect the rest of the script (it was truncated in the package listing) to confirm there are no unexpected behaviors or external network accesses. If you want extra safety, run the script in a restricted/sandbox environment or inspect it line-by-line for any network or exec calls before using in a production account.

Like a lobster shell, security has layers — review code before you run it.

latestvk971817yv7gf457dpd80f2ene9830143

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments