Description

Create secure shareable self-destructing notes

README (SKILL.md)

FadNote Skill

Name: FadNote
Author: easyfloyd

Secure self-destructing shareable notes for OpenClaw

Create encrypted, one-time-read notes directly from OpenClaw. The server never sees your plaintext.

Overview

Property	Value
Name	fadnote
Version	1.0.2
Author	easyFloyd
License	MIT
Open Source	Yes — https://github.com/easyFloyd/fadnote
Runtime	Node.js 18+

Installation

# Via ClawHub
claw install fadnote

# Manual
git clone https://github.com/easyFloyd/fadnote.git
ln -s $(pwd)/fadnote/openclaw-skill/scripts/fadnote.js ~/.claw/bin/fadnote

Configuration

Variable	Default	Description
`FADNOTE_URL`	`https://fadnote.com`	FadNote server endpoint

Usage

From OpenClaw

user: Secure this API key: sk-abc123xyz

claw: I'll create a secure, self-destructing note for that.
      [runs: echo "sk-abc123xyz" | fadnote]

      🔗 https://fadnote.com/n/abc123# decryption-key-here

      Share it with the recipient via any channel and this link will self-destruct after first view.

CLI Usage

  Usage: fadnote [options] [text]
         echo "text" | fadnote [options]

  Create secure self-destructing notes that can only be viewed once.

  Options:
    -h, --help          Show this help message and exit
        --ttl \x3Csecs>    Time until note expires (default: 86400 = 24h)
        --json          Output JSON with noteId, expiresIn, and decryptionUrl

  Environment:
    FADNOTE_URL         API endpoint (default: https://fadnote.com)

  Examples:
    # Standard
    fadnote "My secret message" # direct input
    echo "My secret" | fadnote # from stdin

    # With options
    fadnote --ttl 3600 "Expires in 1 hour" # Custom TTL
    fadnote --json --ttl 7200 "JSON output" # JSON output:
      # {noteId: string, expiresIn: number, decryptionUrl: string}

    # File and clipboard input
    cat file.txt | fadnote --ttl 86400 # from stdin with options
    pbpaste | fadnote  # macOS clipboard
    xclip -o -selection clipboard | fadnote # from clipboard (Linux with xclip)
    xsel -b | fadnote # from clipboard (Linux with xsel)

Single Output: Single line with the shareable URL.

JSON Output:

{
  noteId: string,
  expiresIn: number,
  decryptionUrl: string
}

Triggers

I (OpenClaw) will automatically use the FadNote skill when you say any of:

"Secure this [content]"
"FadNote this [content]"
"Create a secure link for [content]"
"Share this securely: [content]"
"One-time note: [content]"
"Encrypt and share [content]"

With email delivery (if email skill is present):

"Secure this and email to [recipient]: [content]"
"FadNote this to [email]"
"Send secure note to [email]"

Examples:

- Secure this API key: sk-live-12345

- FadNote this password for the server

- Create a secure link for these credentials

- Share this securely: my private SSH key

- One-time note: the meeting location

Security

Client-side encryption — AES-256-GCM with PBKDF2 (600k iterations)
Zero knowledge — Server receives only encrypted blobs
One-time read — Note deleted immediately after first fetch
Auto-expire — Default 24 hour TTL
Open Source — Server code is publicly auditable at https://github.com/easyFloyd/fadnote

The decryption key is embedded in the URL fragment (#key) and never sent to the server.

Files

openclaw-skill/
├── SKILL.md           # This file
└── scripts/
    └── fadnote.js     # Main CLI script (~160 lines)

Requirements

Node.js 18+ (no external dependencies)

Troubleshooting

Error	Cause	Solution
`FADNOTE_URL not set`	Environment variable missing	`export FADNOTE_URL=https://fadnote.com`
`Empty note`	No input provided	Pipe text into fadnote: `echo "secret" \| fadnote`
`404 Not Found`	Server endpoint wrong	Check `FADNOTE_URL` points to a running FadNote instance
`Connection refused`	Server unreachable	Verify server is up or use the live service
`Crypto not available`	Node.js \x3C 18	Upgrade to Node.js 18+

Links

Live Service: https://fadnote.com
Source: https://github.com/easyFloyd/fadnote
Issues: https://github.com/easyFloyd/fadnote/issues

Usage Guidance

This skill appears to do what it claims: it encrypts your content locally and POSTs an encrypted blob to the configured FADNOTE_URL, with the decryption key placed in the URL fragment (not sent to the server). Before installing or using it: 1) Verify you trust the endpoint you set in FADNOTE_URL (the server will receive encrypted blobs and metadata like TTL and size). 2) If you rely on the claimed zero-knowledge model, review the publicly linked source (https://github.com/easyFloyd/fadnote) to confirm the implementation matches the SKILL.md. 3) Remember the decryption key is embedded in the shareable URL fragment — anyone with the full URL can decrypt the note. 4) If you plan to use automatic email delivery via another skill, be aware the skill will send the decryption URL through that channel. These are privacy/operational considerations, not evidence of malicious behavior.

Capability Analysis

Type: OpenClaw Skill Name: fadnote Version: 1.0.2 The OpenClaw FadNote skill is designed to create secure, self-destructing notes using client-side encryption. The `SKILL.md` clearly defines its purpose and usage, instructing the agent to pipe sensitive user input to the `fadnote.js` script for encryption. The `fadnote.js` script correctly implements AES-256-GCM encryption with PBKDF2 key derivation, sending only the encrypted blob to the `FADNOTE_URL` endpoint while keeping the decryption key client-side in the URL fragment. There is no evidence of prompt injection attempts in `SKILL.md`, unauthorized data exfiltration (beyond its stated, encrypted purpose), malicious execution, persistence mechanisms, or obfuscation. The skill's behavior is fully aligned with its stated purpose and cryptographic claims.

Capability Assessment

✓ Purpose & Capability

Name/description (self-destructing notes) match the provided files and behavior: the CLI encrypts input client-side and posts it to FADNOTE_URL. Required binary (node) and a configurable endpoint (FADNOTE_URL) are appropriate for this purpose. Minor note: primaryEnv is set to a URL (not a secret), which is unusual but not harmful.

✓ Instruction Scope

SKILL.md instructs the agent to run the fadnote CLI and only references the FADNOTE_URL env var and local stdin/cli usage. The runtime script only reads stdin/args, uses crypto, and POSTs the encrypted blob to the configured endpoint. There are no instructions to read unrelated files, other environment variables, or to exfiltrate raw plaintext to third parties.

✓ Install Mechanism

No automated install/download is present (no install spec). The package provides a local CLI script and suggests manual installation or ClawHub install. This is low-risk compared with arbitrary remote downloads or extract operations.

ℹ Credentials

Only FADNOTE_URL is required; that is proportional for a service endpoint. It is labeled as the primary credential in metadata even though it is not a secret credential — this is odd but not dangerous. The skill does not request tokens, keys, passwords, or unrelated credentials.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills or system configurations, and has no special persistent privileges. It can be invoked autonomously (platform default), which is expected for a user-invocable skill.

Version History

v1.0.2

- Added CLI options for specifying TTL, JSON output, and help message. - Enhanced usage examples and documentation for clipboard and file input methods. - Increased PBKDF2 encryption iterations to 600k for improved security.

v1.0.1

- Fix default TTL from 1 hour to 24

v1.0.0

Initial release of the fadnote skill (v1.0.0) - Create secure, self-destructing, shareable notes directly from OpenClaw - Notes are encrypted client-side; the server never sees your plaintext - One-time read: note is deleted after first access; 24-hour auto-expiry - Simple CLI usage and automatic triggers for secure note creation - Requires Node.js 18+ and FADNOTE_URL environment variable

Metadata

Slug fadnote

Version 1.0.2

License —

All-time Installs 0

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is FadNote?

Create secure shareable self-destructing notes. It is an AI Agent Skill for Claude Code / OpenClaw, with 384 downloads so far.

How do I install FadNote?

Run "/install fadnote" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is FadNote free?

Yes, FadNote is completely free (open-source). You can download, install and use it at no cost.

Which platforms does FadNote support?

FadNote is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created FadNote?

It is built and maintained by easyFloyd (@easyfloyd); the current version is v1.0.2.

More Skills

FadNote