Zettelkasten CN
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a disclosed local Zettelkasten note manager that writes and moves Markdown notes locally, with persistent note history and memory references users should treat as private.
Before installing, confirm you want a local Markdown note system under ~/Desktop/cardsdata and be mindful that its notes, trash, operation history, and memory references may contain personal information. The artifacts do not show hidden network access, credential use, or background persistence.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can create, edit, move to trash, or restore Markdown notes in the configured card directory.
The skill exposes commands that update and delete local note files; this is expected for a note manager and is documented, but it can change user data.
python3 scripts/card_manager.py update 20260301-0001 --content "新内容" python3 scripts/card_manager.py delete 20260301-0001
Use it only on the intended note directory, keep backups for important notes, and use the documented undo/trash functions after mistakes.
Notes may be linked to agent memory dates or contexts, making personal context easier to find and reuse later.
The code declares an agent memory directory, matching the documented memory-association feature; persistent memory references can expose or reintroduce private context if users store sensitive details.
MEMORY_DIR = Path(os.environ.get("ZETTELKASTEN_MEMORY_DIR", "~/.openclaw/workspace/memory")).expanduser()Avoid putting secrets or highly sensitive context into memory references, and set the memory/card directories deliberately if you want separation from other agent workspace data.