← Back to Skills Marketplace

yinxiang-notes

Name: yinxiang-notes
Author: suepradun

by suepradun · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

118

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install yinxiang-notes

Description

印象笔记（中国版）集成 skill。使用 Developer Token 在印象笔记中创建、整理和搜索笔记。支持笔记本列表、创建笔记、更新笔记内容/标签、移动笔记到废纸篓、查看/清空废纸篓、搜索内容、增量同步到 Obsidian vault。适用于使用 app.yinxiang.com 的用户。

Usage Guidance

What to consider before installing: - Credential handling: this skill requires an Evernote developer token (EVERNOTE_TOKEN) and a NoteStore URL (EVERNOTE_NOTESTORE_URL) provided via a .env file — but the registry metadata does not declare them. Treat that as a red flag: confirm you have only the minimal token you trust and that the .env file doesn't contain other secrets. - Log leakage: several scripts print token fragments (and list_tags.py prints the token variable). These outputs can appear in logs or consoles and may leak credentials — remove or redact those prints before use. - Hard-coded behaviors: sync_to_obsidian.py writes to a hard-coded VAULT_PATH (C:\Users\adun\Documents\印象笔记同步) and get_note_enml.py contains a hard-coded TARGET_GUID and writes its content to scripts/note_enml_output.xml. Update these defaults to safe, user-controlled values or run the scripts in a sandbox until you confirm the paths are appropriate. - File I/O & data exposure: the sync will write notes and attachments to your local filesystem; if you run it in a directory containing other sensitive files, it may read/write state nearby (.env lookup traverses up). Place the skill in an isolated workspace or ensure .env contains only Evernote credentials for this skill. - Autonomous invocation: the skill can be invoked by the agent (normal default). If you are concerned about automated access to your Evernote data, disable autonomous invocation or require manual confirmation before running scripts. - Recommended actions before use: (1) inspect and remove the get_note_enml.py hard-coded GUID or only run it after review; (2) change/remove token-printing lines; (3) set VAULT_PATH to a directory you control; (4) supply a scoped developer token (least privilege) and not a broad production token; (5) run first in a disposable environment to verify behavior. If you want, I can: (a) list the exact lines that print token or reference the hard-coded GUID/path to help you patch them, or (b) produce a safe checklist/patch set to sanitize the scripts prior to use.

Capability Analysis

Type: OpenClaw Skill Name: yinxiang-notes Version: 1.0.0 The skill bundle provides a comprehensive integration for Yinxiang (Evernote China), allowing for note management, searching, and incremental synchronization to a local Obsidian vault. While the code contains some author-specific hardcoded elements—such as a local file path in `sync_to_obsidian.py` (`C:\Users\adun\...`) and a specific note GUID in a debug script (`get_note_enml.py`)—these appear to be remnants of personal development rather than malicious artifacts. The scripts use the official Evernote SDK, implement basic filename sanitization, and the destructive 'empty trash' functionality is clearly documented and requires manual confirmation.

Capability Assessment

ℹ Purpose & Capability

The scripts implement Evernote (印象笔记) operations and an Obsidian sync as described — creating, updating, deleting, searching notes and syncing to a local vault. However the registry metadata claims no required environment variables or primary credential even though every script expects an EVERNOTE_TOKEN (and a NoteStore URL) provided via a .env file. That metadata omission is an incoherence: the skill does require sensitive credentials to function.

⚠ Instruction Scope

SKILL.md and included scripts operate within the stated domain (Evernote API and local Obsidian vault). But the code: (1) looks for a .env file by traversing up from scripts/ (may read tokens from workspace root), (2) contains a get_note_enml.py with a hard-coded TARGET_GUID that will fetch a specific note and write it to disk, and (3) writes files into a hard-coded VAULT_PATH (Windows path) when syncing. Those behaviors expand the runtime scope (reading .env, writing to arbitrary local paths, saving note contents to disk) and include non-obvious defaults. Also some scripts print the token prefix to stdout/logs and one script prints the token variable (list_tags.py), which risks leaking credentials in logs.

ℹ Install Mechanism

There is no automated install spec (instruction-only with Python scripts). SKILL.md tells the user to pip install evernote3, thrift, html2text; that is expected and low-risk compared to arbitrary downloads. Because installation is manual, risk is limited to what the Python runtime and packages do at execution time (no remote executable downloads in the manifest).

⚠ Credentials

The code requires an Evernote developer token (EVERNOTE_TOKEN) and optionally EVERNOTE_NOTESTORE_URL via a .env file, but the registry metadata lists no required env vars or primary credential — this mismatch is significant. The scripts read that token from disk (not from process env) and then use it as an Authorization Bearer header to call the NoteStore. Additional concerns: scripts log/print token snippets (and in one case the token is printed to stdout), and the sync writes data to a default local vault path that may overwrite or expose local files. All requested environment/credential access should be declared explicitly in metadata — here it is not.

✓ Persistence & Privilege

The skill does not request 'always:true' and does not modify other skills or global agent settings. It can be invoked by the agent (normal default), and the scripts persist state only to local files (a .sync_state.json and the target Obsidian vault). No elevated platform privileges are requested in the manifest.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install yinxiang-notes
After installation, invoke the skill by name or use /yinxiang-notes
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of 印象笔记（中国版）集成 skill. - 支持 Developer Token 认证，安全访问印象笔记 API - 提供完整的笔记管理脚本，包括创建、更新、删除、搜索、笔记本和标签查看 - 增量同步笔记内容与结构到本地 Obsidian vault，保留原有层级与资源 - 支持附件、内嵌图片、网页裁剪等多种笔记类型的处理及转 Markdown - 附带废纸篓查看与清空，支持标签管理和高级搜索 - 内置 API 限流自适应，断点续传和友好错误处理

Metadata

Slug yinxiang-notes

Version 1.0.0

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is yinxiang-notes?

印象笔记（中国版）集成 skill。使用 Developer Token 在印象笔记中创建、整理和搜索笔记。支持笔记本列表、创建笔记、更新笔记内容/标签、移动笔记到废纸篓、查看/清空废纸篓、搜索内容、增量同步到 Obsidian vault。适用于使用 app.yinxiang.com 的用户。 It is an AI Agent Skill for Claude Code / OpenClaw, with 118 downloads so far.

How do I install yinxiang-notes?

Run "/install yinxiang-notes" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is yinxiang-notes free?

Yes, yinxiang-notes is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does yinxiang-notes support?

yinxiang-notes is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created yinxiang-notes?

It is built and maintained by suepradun (@suepradun); the current version is v1.0.0.

More Skills