← Back to Skills Marketplace
xybio

siyuan-api

by xybio · GitHub ↗ · v1.4.3 · MIT-0
cross-platform ⚠ suspicious
296
Downloads
1
Stars
2
Active Installs
40
Versions
Install in OpenClaw
/install siyuan-api
Description
Local SiYuan API integration for notebook/document/block/asset operations and SQL search. Uses only local HTTP endpoints and environment-based token auth.
Usage Guidance
This skill is coherent with its stated purpose, but it requires your SiYuan API token which grants broad read/write access to your notes, files, and assets. Before installing: (1) only set SIYUAN_API_URL to a localhost address (127.0.0.1/localhost) unless you intentionally want remote access; (2) keep SIYUAN_API_TOKEN secret and don't paste it into chat; (3) consider using a temporary or limited token if possible; (4) be cautious about autonomous agent actions—if you enable the agent to call skills automatically, review actions that create, modify, or export documents; and (5) revoke the token if you suspect misuse. If you need stronger assurance, ask the publisher for signed source or an official integration rather than a generic instruction-only skill.
Capability Analysis
Type: OpenClaw Skill Name: siyuan-api Version: 1.4.3 The skill provides a comprehensive interface to the local SiYuan note-taking API, granting the agent high-risk capabilities such as arbitrary file read/write operations, SQL query execution, and network proxying. While these features are aligned with the stated purpose of notebook management and the SKILL.md includes security warnings, the inclusion of the 'forwardProxy' and 'pandoc' endpoints in the reference documentation (references/api.md) provides a significant attack surface that could be used to bypass the 'local-only' scope or execute arbitrary commands. The broad authority over the local filesystem and database via the API constitutes a high-risk capability without evidence of direct malice.
Capability Assessment
Purpose & Capability
Name/description match behavior: the skill documents calling a local SiYuan HTTP API and only requires SIYUAN_API_TOKEN (primary credential) and an optional SIYUAN_API_URL. Those env vars are appropriate and expected for this integration.
Instruction Scope
SKILL.md contains only API call examples and explicit security guidance to use local endpoints and not log the token. The instructions reference only the declared env vars. However, nothing in the instruction bundle enforces the 'local-only' requirement — if a user sets SIYUAN_API_URL to a remote host the same calls would run against that host.
Install Mechanism
No install spec or code is provided (instruction-only). No downloads or binaries are requested, which minimizes install-time risk.
Credentials
Requiring SIYUAN_API_TOKEN and SIYUAN_API_URL is proportionate to the stated purpose. Be aware the token is powerful: SiYuan API endpoints exposed in the references include document/block creation, file write, asset upload, and SQL queries — all of which are read/write and could expose or modify local data if misused.
Persistence & Privilege
The skill does not request always:true, does not include install steps, and does not ask to modify other skills or system config. The agent may invoke the skill autonomously by default (normal), but that capability is not unique to this skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install siyuan-api
  3. After installation, invoke the skill by name or use /siyuan-api
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.4.3
fix bug
v1.4.2
Fix metadata schema for requires.env (string array) and remove hard-coded config-path guidance.
v1.4.1
Resubmit skill after security scan review.
v1.4.0
Add documentation: support reading and from for cleaner configuration management
v1.3.9
fix bug
v1.3.8
Fix metadata/env consistency, remove hidden unicode control chars, and add OpenClaw CLI/chat install instructions.
v1.3.7
fix bug
v1.3.6
fix bug
v1.3.5
- Improved documentation wording for clarity and consistency. - Environment variable description adjusted: now uses clearer arrow notation (→) for SiYuan UI locations. - Example code simplified for better readability, removing process.env usage and using direct token/URL values. - Minor formatting updates for headers and sections. - No functional or API changes; documentation update only.
v1.3.4
- Updated wording from "Settings → About" to "Settings - About" for SIYUAN_API_TOKEN instructions. - Aligned relevant Chinese UI text in documentation to match this change. - No functional changes; documentation only.
v1.3.3
- Documentation or formatting updates only in SKILL.md. - No changes to functionality or code. - Existing usage, features, and environment variables remain unchanged.
v1.3.2
Fix: resolve metadata inconsistency by adding package.json with correct required environment variables; clarify access scope in documentation
v1.3.1
Fix: 1)统一Authorization header格式为小写token; 2)clarify token from environment variable SIYUAN_API_TOKEN; 3)add privilege warning for broad access
v1.3.0
Fix: 1) resolve metadata inconsistency via package.json; 2)统一Authorization header格式为小写token; 3)clarify token from env and add privilege warning
v1.2.9
Fix: 1) resolve metadata inconsistency via package.json; 2)统一Authorization header格式为小写token
v1.2.8
Fix: 1) resolve metadata inconsistency via package.json; 2)统一Authorization header格式为小写token
v1.2.7
Fix: resolve metadata inconsistency by adding package.json with correct required environment variables; clarify access scope in documentation
v1.2.6
Fix metadata env format, uniform Authorization header format (lowercase token), improve security disclosure
v1.2.5
Fix metadata inconsistency: correct required env var declaration via package.json
v1.2.4
Fix metadata inconsistency: correct required env var declaration via package.json
Metadata
Slug siyuan-api
Version 1.4.3
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 40
Frequently Asked Questions

What is siyuan-api?

Local SiYuan API integration for notebook/document/block/asset operations and SQL search. Uses only local HTTP endpoints and environment-based token auth. It is an AI Agent Skill for Claude Code / OpenClaw, with 296 downloads so far.

How do I install siyuan-api?

Run "/install siyuan-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is siyuan-api free?

Yes, siyuan-api is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does siyuan-api support?

siyuan-api is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created siyuan-api?

It is built and maintained by xybio (@xybio); the current version is v1.4.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments