siyuan-llm-wiki

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill is purpose-aligned for maintaining a SiYuan knowledge base, but it gives the agent broad note-reading and note-writing authority with automatic memory writeback and some weak scoping around which notes may be modified.

Only install this if you are comfortable giving an agent write access to your SiYuan notes. Before use, create a backup or snapshot, restrict work to a dedicated LLM-Wiki notebook, and ask the agent to confirm before saving conversation content or updating index/log pages.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private or temporary conversation details, ideas, and inferred conclusions may be written into the user’s long-term SiYuan knowledge base.

Why it was flagged

The agent is told to perform persistent post-conversation organization even when the user did not explicitly ask to save anything.

Skill content

After every conversation ends (regardless of whether the user asked a question), perform one lightweight tidy-up

Recommendation

Require explicit user confirmation before saving conversation-derived content, and clearly separate temporary conversation context from permanent wiki pages.

Concern · Medium Confidence
ASI02: Tool Misuse and Exploitation
What this means

If the user has other SiYuan documents named index or log, the script could update the wrong document rather than the intended LLM-Wiki notebook.

Why it was flagged

The helper searches for an index document by title only, without constraining the notebook or path to /LLM-Wiki/, and then appends content to the returned document.

Skill content

"stmt": "SELECT id FROM blocks WHERE type='d' AND content = 'index' LIMIT 1"

Recommendation

Scope all SQL queries and updates to the configured notebook ID and expected /LLM-Wiki/ paths before modifying any blocks.

Concern · Medium Confidence
ASI02: Tool Misuse and Exploitation
What this means

Malformed or adversarial titles, keywords, or source names could cause incorrect queries, expose more notes than intended, or fail unexpectedly.

Why it was flagged

User-controlled search terms are interpolated directly into SQL strings. A quote or SQL wildcard sequence in a keyword could break the intended query scope.

Skill content

WHERE content LIKE '%{keyword}%'
              AND path LIKE '/LLM-Wiki/%'

Recommendation

Escape SQL string values or use SiYuan-supported parameterization/safe query helpers, and keep a hard path/notebook constraint that cannot be bypassed by input text.

What this means

The agent will have API access to the user’s local SiYuan instance; depending on SiYuan’s token model, this may be broader than just the LLM-Wiki notebook.

Why it was flagged

The skill requires the user to provide a SiYuan API token, but registry metadata declares no primary credential or required environment variables.

Skill content

This is the SiYuan API Token: xxx, notebook ID: xxx

Recommendation

Disclose the credential requirement in metadata and advise users to use the least-privileged/local-only token settings available, with backups before bulk changes.