← Back to Skills Marketplace

MemoleCard-zh

Name: MemoleCard-zh
Author: moccard

by MocCard · GitHub ↗ · v1.0.4 · MIT-0

cross-platform ⚠ suspicious

239

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install memolecard-zh

Description

自动打开MemoleCard官网，输入文章内容，选择卡片样式，全自动拆分生成卡片并返回压缩包下载链接。

Usage Guidance

Be cautious before installing or running this skill. The script will access your browser session (document.cookie) and may send those cookies and your User-Agent to a BACKUP_SERVER_URL if the normal download flow fails — that can expose login/session tokens. The skill metadata does not declare required tools (agent-browser, jq, curl) or the backup URL, so ask the author to: (1) explain and justify the backup server and why cookies must be sent there; (2) declare required binaries and any env vars; (3) provide a trusted source/homepage or the full source code for review. If you proceed, only run it in a sandboxed account or environment without sensitive site logins, or avoid supplying a BACKUP_SERVER_URL unless you trust the endpoint.

Capability Analysis

Type: OpenClaw Skill Name: memolecard-zh Version: 1.0.4 The skill script in SKILL.md automates article-to-card conversion on moccard.com but includes a high-risk 'backup download' routine. This mechanism extracts the browser's active session cookies (document.cookie) and transmits them via curl to an external IP address provided in the {{ip}} variable. While this is presented as a functional fallback for downloading generated files, the extraction and transmission of session tokens to a remote endpoint is a classic data exfiltration pattern and poses a significant risk of session hijacking.

Capability Assessment

ℹ Purpose & Capability

Name/description match the script's actions (open site, fill article, select style, split, download). However the SKILL.md relies on external tools (agent-browser, jq, curl) and a BACKUP_SERVER_URL template though the skill metadata declares no required binaries or environment—this mismatch is unexpected and should be explained by the author.

⚠ Instruction Scope

The script instructs the agent to read document.cookie and navigator.userAgent from the site and then send them to a BACKUP_SERVER_URL during fallback download. This can expose session cookies/authentication data to an external server. It also reads/writes local Downloads files and attempts to capture native download links via page injection. Extracting and transmitting cookies to an arbitrary server is outside the minimal scope needed to return a download link and is a high-risk action.

⚠ Install Mechanism

There is no install spec (instruction-only), which minimizes direct code-install risk, but the runtime expects command-line tools (agent-browser, jq, curl) that are not declared in the skill metadata. That mismatch means an operator may be unaware these tools are required or that their presence enables the described behaviors.

⚠ Credentials

No environment variables or credentials are declared, yet the script uses a BACKUP_SERVER_URL placeholder ({{ip}}) and sends the user's site cookies in requests to that URL. Requiring or using site cookies without declaring or justifying credential use is disproportionate to the stated task and could leak authentication tokens.

✓ Persistence & Privilege

The skill is not force-enabled (always: false), does not request system-level persistence, and only writes to the user's Downloads folder; it does not modify other skills or global agent configuration.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install memolecard-zh
After installation, invoke the skill by name or use /memolecard-zh
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.4

- 更新官网域名，从 memolecard.com 切换为 moccard.com - SESSION_NAME 变量由 "memolecard-auto" 改为 "moccard-auto" - 保持其余功能和流程不变，兼容原有用法

v1.0.3

Version 1.0.3 of memolecard-zh - No file changes detected in this release. - The functionality and workflow remain unchanged from the previous version.

v1.0.2

- 增加前置参数校验，要求标题≥30字、正文≥600字（富文本）。 - 下载压缩包流程支持三种方式：捕获原生下载、监控本地文件、服务器兜底接口。 - 优化元素定位与样式，提升多语言/变体适配率。 - 新增整体流程超时控制（TIMEOUT_SECONDS）。 - 增强错误提示，兜底失败时输出具体排查建议。

v1.0.1

**优化适配浏览器原生下载行为，提升下载链接获取准确性** - 自动捕获并返回 MemoleCard 卡片打包下载的原生文件地址或在线链接 - 新增浏览器下载路径指定与本地文件监控，确保压缩包稳定保存与检索 - 增强异常处理提示，下载失败及时反馈 - 完善 Bash 一键执行脚本，支持 ClawHub 场景与自动参数注入

v1.0.0

MemoleCard 自动化技能适配：ClawHub + Agent Browser功能：打开 → 文章转卡片 → 填内容 → 选样式 → 自动拆分 → 打包下载 → 返回链接

Metadata

Slug memolecard-zh

Version 1.0.4

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 5

Frequently Asked Questions

What is MemoleCard-zh?

自动打开MemoleCard官网，输入文章内容，选择卡片样式，全自动拆分生成卡片并返回压缩包下载链接。 It is an AI Agent Skill for Claude Code / OpenClaw, with 239 downloads so far.

How do I install MemoleCard-zh?

Run "/install memolecard-zh" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MemoleCard-zh free?

Yes, MemoleCard-zh is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does MemoleCard-zh support?

MemoleCard-zh is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created MemoleCard-zh?

It is built and maintained by MocCard (@moccard); the current version is v1.0.4.

More Skills