note-test1-limingzhi
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is a coherent IMA notes integration, but it will use your IMA credentials to read and write private notes.
Install this only if you want the agent to manage your IMA notes. Protect the IMA API key, prefer environment variables or tightly permissioned config files, and confirm create or append actions before they are sent.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent using these credentials could access the note operations allowed by the IMA OpenAPI.
The skill requires IMA API credentials, which allow authenticated access to the user's IMA notes account.
requires": { "env": ["IMA_OPENAPI_CLIENTID", "IMA_OPENAPI_APIKEY"] }Use only credentials you are comfortable delegating to this skill, keep the API key private, and revoke or rotate it if you no longer use the skill.
Private note text may be brought into the agent conversation when you ask to read or search notes.
The skill can retrieve full private note content, and the artifact itself recognizes that note bodies are sensitive.
读取笔记正文 | `get_doc_content` ... 笔记内容属于用户隐私,在群聊场景中只展示标题和摘要,禁止展示笔记正文。
Avoid using this skill in shared chats for sensitive notes, and review what note content is being requested before displaying or reusing it.
A mistaken or ambiguous request could add content to the wrong note or create unwanted notes.
The skill documents write-capable API operations that can create new notes or append content to existing notes.
新建一篇笔记 | `import_doc` ... 往已有笔记追加内容 | `append_doc`
For write actions, confirm the target notebook or note and review the content before allowing the agent to create or append.