← Back to Skills Marketplace
330
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install siyuan-notes-skill
Description
思源笔记工具——搜索、阅读、编辑、组织用户的笔记。Use when user says: 搜索笔记、查找文档、打开文档、阅读笔记、编辑笔记、创建文档、修改块、思源笔记、SiYuan、整理文档、管理标签、Daily Note、反向链接、最近修改、PMF补丁、SQL查询blocks。不要用于与思源笔记无关的通用编程或...
Usage Guidance
This skill appears to implement a legitimate SiYuan notes CLI, but there are a few red flags you should check before installing or enabling write-capability:
- Expectation vs declaration: The skill requires SIYUAN_SERVER and SIYUAN_TOKEN (and an environment flag SIYUAN_ENABLE_WRITE to allow edits), but the registry metadata did not declare any required environment variables or primary credential. Treat that as a metadata omission — confirm you must provide these values before use.
- Sensitive credentials: Only provide SIYUAN_TOKEN to this skill if you trust the code and the agent runtime. With that token the skill can read and (if you enable writes) modify your SiYuan content. Keep SIYUAN_ENABLE_WRITE=false unless you intentionally want to allow edits.
- Disk persistence: The tool records 'read' marks and caches state on disk. Ask or inspect index.js to learn where that cache is stored if you care about local persistence or multi-user environments.
- Arbitrary queries and exports: The JS API exposes executeSiyuanQuery and apply-patch/PMF flows. Those are useful for advanced tasks but also allow wide read access (SQL) and bulk edits. Do not run this skill against an untrusted or remote SiYuan instance without reviewing the code and limiting network exposure.
- What to do next: review the index.js and any network-related code to confirm there are no unexpected external endpoints; confirm where cached/read-mark files are written; only set SIYUAN_ENABLE_WRITE=true in trusted contexts; and ideally ask the skill author to update registry metadata to declare required env vars (SIYUAN_SERVER, SIYUAN_TOKEN, SIYUAN_ENABLE_WRITE) and document cache paths. If you cannot review the code, treat it as read-only by leaving SIYUAN_ENABLE_WRITE unset/false and avoid running SQL queries that might exfiltrate data.
Capability Analysis
Type: OpenClaw Skill
Name: siyuan-notes-skill
Version: 0.1.0
The bundle is a comprehensive and well-documented tool for interacting with the SiYuan Notes API. It provides extensive functionality for searching, reading, and editing notes, including a sophisticated 'Write Safety Protocol' that uses optimistic locking (version checks) to prevent data loss, managed via a local cache file (`.siyuan-read-guard-cache.json`). While it possesses high-risk capabilities such as executing SQL queries against the SiYuan database and performing version checks via GitHub (`api.github.com`), these behaviors are transparently documented and strictly aligned with the stated purpose. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found.
Capability Assessment
Purpose & Capability
The name, description, README and code consistently implement a SiYuan notes helper (search/read/edit/organize, PMF, SQL queries). Requiring Node.js and an accessible SiYuan kernel is expected. However the skill metadata lists no required environment variables or primary credential even though the README/SKILL.md and code expect SIYUAN_SERVER, SIYUAN_TOKEN and SIYUAN_ENABLE_WRITE (and optional SIYUAN_OPEN_DOC_*). That omission is an incoherence between claimed metadata and actual capability.
Instruction Scope
SKILL.md instructs the agent to run Node CLI commands that will: call the SiYuan API, mark documents as 'read' (side effect), persist read-mark cache to disk, and execute arbitrary SQL queries via executeSiyuanQuery. These actions are within the stated SiYuan purpose, but instructions also imply on-disk state and potential for large exports (full PMF) and SQL execution that could be used to read many records — the SKILL.md does not document where read-mark cache is stored or other file paths, which is a privacy/operational concern.
Install Mechanism
There is no install spec (instruction-only at registry level), and the skill ships code files (Node.js). No remote download/install script in the registry manifest was detected. Running the skill requires Node.js available in the agent environment; that is reasonable for a Node CLI-based skill. No high-risk external download or obfuscated installer was found in the provided files.
Credentials
The skill requires access to the SiYuan server and token (SIYUAN_SERVER, SIYUAN_TOKEN) and a write-enable flag (SIYUAN_ENABLE_WRITE) according to README/SKILL.md and code, but the registry metadata lists no required environment variables or primary credential. This mismatch is problematic: sensitive credentials are needed for normal operation but were not declared. Other env vars referenced (e.g., SIYUAN_OPEN_DOC_CHAR_LIMIT) are optional. The number and sensitivity of env vars is proportionate to the skill's function but must be explicitly declared so users know which secrets will be used.
Persistence & Privilege
The skill does not request 'always:true' and does not declare system-wide privileges. It does persist a 'read' marker cache to disk (SKILL.md), and write operations can modify user documents when SIYUAN_ENABLE_WRITE=true. Autonomous invocation is permitted by default (normal), so combined with write capability the skill could perform write operations if the environment variable enabling writes is set. That is expected for an editor skill but the precise cache path and persistence behavior are not documented in the metadata.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install siyuan-notes-skill - After installation, invoke the skill by name or use
/siyuan-notes-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
siyuan-notes-skill v0.1.0
- Initial release with detailed usage guide in SKILL.md.
- Supports searching, reading, editing, organizing, and querying notes in SiYuan.
- Includes command strategy selection, write safety protocol, and comprehensive command reference.
- Provides step-by-step examples for common patterns like searching, editing, inserting, and restructuring notes.
- Clarifies intent-based best practices to prevent data loss and version conflicts.
Metadata
Frequently Asked Questions
What is Siyuan Notes Skill?
思源笔记工具——搜索、阅读、编辑、组织用户的笔记。Use when user says: 搜索笔记、查找文档、打开文档、阅读笔记、编辑笔记、创建文档、修改块、思源笔记、SiYuan、整理文档、管理标签、Daily Note、反向链接、最近修改、PMF补丁、SQL查询blocks。不要用于与思源笔记无关的通用编程或... It is an AI Agent Skill for Claude Code / OpenClaw, with 330 downloads so far.
How do I install Siyuan Notes Skill?
Run "/install siyuan-notes-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Siyuan Notes Skill free?
Yes, Siyuan Notes Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Siyuan Notes Skill support?
Siyuan Notes Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Siyuan Notes Skill?
It is built and maintained by fanxing (@fanxing-6); the current version is v0.1.0.
More Skills