Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
siyuan-api
v1.4.3
Local SiYuan API integration for notebook/document/block/asset operations and SQL search. Uses only local HTTP endpoints and environment-based token auth.
by @xybio
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match behavior: the skill documents calling a local SiYuan HTTP API and only requires SIYUAN_API_TOKEN (primary credential) and an optional SIYUAN_API_URL. Those env vars are appropriate and expected for this integration.
Instruction Scope
SKILL.md contains only API call examples and explicit security guidance to use local endpoints and not log the token. The instructions reference only the declared env vars. However, nothing in the instruction bundle enforces the 'local-only' requirement — if a user sets SIYUAN_API_URL to a remote host the same calls would run against that host.
Install Mechanism
No install spec or code is provided (instruction-only). No downloads or binaries are requested, which minimizes install-time risk.
Credentials
Requiring SIYUAN_API_TOKEN and SIYUAN_API_URL is proportionate to the stated purpose. Be aware the token is powerful: SiYuan API endpoints exposed in the references include document/block creation, file write, asset upload, and SQL queries — all of which are read/write and could expose or modify local data if misused.
Persistence & Privilege
The skill does not request always:true, does not include install steps, and does not ask to modify other skills or system config. The agent may invoke the skill autonomously by default (normal), but that capability is not unique to this skill.
Scan Findings in Context
[no_code_files_regex_scan] expected: The regex-based scanner had no findings because this is an instruction-only skill with no code files; the provided references are API documentation (expected).
Assessment
This skill is coherent with its stated purpose, but it requires your SiYuan API token which grants broad read/write access to your notes, files, and assets. Before installing: (1) only set SIYUAN_API_URL to a localhost address (127.0.0.1/localhost) unless you intentionally want remote access; (2) keep SIYUAN_API_TOKEN secret and don't paste it into chat; (3) consider using a temporary or limited token if possible; (4) be cautious about autonomous agent actions—if you enable the agent to call skills automatically, review actions that create, modify, or export documents; and (5) revoke the token if you suspect misuse. If you need stronger assurance, ask the publisher for signed source or an official integration rather than a generic instruction-only skill.
Like a lobster shell, security has layers — review code before you run it.
latestvk9705fwy62t0kw16jk4901b2dn83x61e
Runtime requirements
Env: SIYUAN_API_TOKEN, SIYUAN_API_URL
Primary env: SIYUAN_API_TOKEN
