← Back to Skills Marketplace
快速笔记
by
Zhangyuechen
· GitHub ↗
· v1.0.0
729
Downloads
0
Stars
8
Active Installs
1
Versions
Install in OpenClaw
/install quick-note
Description
快速记录想法和笔记到本地文件。使用场景:(1) 快速记录灵感、想法 (2) 保存临时笔记 (3) 整理思路。支持添加、查看、搜索笔记。
Usage Guidance
这个技能看起来是正常的本地笔记工具,但在安装和使用前请注意: 1) SKILL.md 演示使用 `note` 命令,但仓库只包含 scripts/note.sh —— 如果要直接运行,先给脚本可执行权限 (chmod +x scripts/note.sh) 并将其放到 PATH(或创建别名/symlink);2) 脚本会在 ~/.quick-notes 写入和读取文件,`note clear` 会递归删除该目录,请在执行前备份重要笔记;3) 代码简单且无网络访问,但如果你担心误删除或符号链接攻击,可审阅/修改脚本以使用更严格的路径检查并在执行删除前提示确认;4) 若计划将该脚本给代理自动调用,确认代理运行环境的 HOME 值和权限,以避免非预期的文件操作。
Capability Analysis
Type: OpenClaw Skill
Name: quick-note
Version: 1.0.0
The `scripts/note.sh` file contains a critical shell injection vulnerability in the `add` command. The unquoted `$@` in `echo "- $@" >> "$NOTE_FILE"` allows an attacker to inject and execute arbitrary shell commands by crafting the note content (e.g., `note add "test; rm -rf /"`). While this presents a severe remote code execution risk, it is classified as suspicious rather than malicious because there is no clear evidence of intentional harmful behavior like data exfiltration or backdoors; it appears to be an unintentional scripting flaw.
Capability Assessment
Purpose & Capability
技能名称与描述(快速在本地记录、查看、搜索笔记)与包含的脚本和说明一致:脚本在 $HOME/.quick-notes 下按日期写入、列出、搜索和清空笔记。没有请求与功能不相干的权限或凭据。
Instruction Scope
SKILL.md 提供的命令示例(如 `note add`)与脚本文件名(scripts/note.sh)之间存在小差异:没有安装步骤把脚本放到 PATH 或创建别名;除此之外,运行时指令仅限于本地文件操作,没有读取系统范围凭据或向外传输数据。
Install Mechanism
没有安装规范——这是一个 instruction-only 技能但同时包含可执行脚本。因为没有说明如何将 scripts/note.sh 暴露为 `note` 命令,用户/代理需要手动放置或链接脚本到 PATH(这是可理解但应在说明中列出)。无外部下载或可疑 install 来源。
Credentials
不请求任何环境变量、凭据或配置路径;脚本仅使用 $HOME 来确定笔记目录,这与其功能相符。
Persistence & Privilege
技能未请求始终启用(always:false),也不修改其他技能或系统范围配置。唯一的破坏性操作是 `note clear` 会删除 ~/.quick-notes 目录(这与“清空笔记”功能相符,但应谨慎)。
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install quick-note - After installation, invoke the skill by name or use
/quick-note - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
首个版本
Metadata
Frequently Asked Questions
What is 快速笔记?
快速记录想法和笔记到本地文件。使用场景:(1) 快速记录灵感、想法 (2) 保存临时笔记 (3) 整理思路。支持添加、查看、搜索笔记。 It is an AI Agent Skill for Claude Code / OpenClaw, with 729 downloads so far.
How do I install 快速笔记?
Run "/install quick-note" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 快速笔记 free?
Yes, 快速笔记 is completely free (open-source). You can download, install and use it at no cost.
Which platforms does 快速笔记 support?
快速笔记 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 快速笔记?
It is built and maintained by Zhangyuechen (@ikicc); the current version is v1.0.0.
More Skills