← Back to Skills Marketplace
94
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install idea-capture
Description
Capture or update an idea, append an update log, and write a session summary for later retrieval.
README (SKILL.md)
Idea Capture
Use this skill when the user wants to save or update an idea/project discussion.
Storage
- Main idea doc:
ideas/\x3Cidea-id>.md - Session summaries:
ideas/summaries/\x3Cidea-id>/\x3Ctimestamp>.md - Human index:
ideas/INDEX.md - Machine catalog:
ideas/catalog.json
Inputs
Provide what you have:
titlesummarynotestagsmode:create|update|auto- optional
idea_id - optional
source - optional open questions / next steps
Matching rules
update: require an existing matchauto: preferidea_id, then normalized title/slug, else create- avoid duplicate idea files when a clear match exists
Behavior
Use scripts/idea_capture.py for the write/update work.
Example:
python3 skills/idea-capture/scripts/idea_capture.py \
--title "Desktop Pet OpenClaw" \
--summary "Turn OpenClaw into a desktop pet assistant" \
--notes "Need create/update/session-summary support." \
--tags ai,desktop,agent \
--mode auto \
--source qqbot
Expected result
Report:
- idea id
- created vs updated
- changed files
- session summary path
Guardrails
- Keep the main idea doc readable.
- Preserve update history.
- Put chronology in update logs / session summaries, not in long repeated prose.
Usage Guidance
This skill generally does what it claims — it writes idea files, a human index, a catalog.json, and per-session summaries into an ideas/ directory. Before installing or allowing an agent to invoke it automatically, consider: 1) The script accepts an --idea-id and uses it directly to build file paths without sanitization; do not pass idea_id values from untrusted sources (they could include ../ to escape the ideas/ directory). 2) Only run this skill in workspaces you trust or where overwriting arbitrary files would not be harmful. 3) Recommended fixes: sanitize idea_id (e.g., run slugify on any supplied idea_id or explicitly reject path separators), or resolve and verify the target path is inside IDEAS_DIR (compare .resolve() parents). 4) If you plan to let an autonomous agent call this skill, restrict inputs and/or disable autonomous invocation until the path-handling is hardened. If you want, I can produce a small patch that enforces safe idea_id handling and prevents path traversal.
Capability Analysis
Type: OpenClaw Skill
Name: idea-capture
Version: 1.0.0
The skill is designed to manage idea documents but contains a path traversal vulnerability in scripts/idea_capture.py. The --idea-id command-line argument is used to construct file paths (e.g., IDEAS_DIR / f"{idea_id}.md") without sanitization, which could allow an agent or user to write or overwrite files outside the intended ideas/ directory. While the logic aligns with the stated purpose of capturing ideas and lacks evidence of intentional malice, this lack of input validation is a high-risk flaw.
Capability Assessment
Purpose & Capability
The name/description align with what the skill actually does: create/update idea Markdown files, session summaries, a human INDEX.md, and a catalog.json in a workspace-local ideas/ directory. There are no unrelated credentials, binaries, or network endpoints requested.
Instruction Scope
SKILL.md instructs the agent to run the included script with optional --idea-id input. The script writes files under a workspace ideas/ layout only, which is expected. However, the code uses the provided idea_id directly when constructing file paths (IDEAS_DIR / f"{idea_id}.md") without validating or sanitizing it. If an attacker or a misbehaving agent supplies a crafted idea_id containing path components (e.g., '../otherdir/evil'), the script could create or overwrite files outside the intended ideas/ directory. SKILL.md does not warn about this or restrict inputs.
Install Mechanism
This is an instruction-only skill with a bundled Python script; there is no install spec, no external downloads, and nothing is written to disk at install time beyond the skill's own files. Risk from install mechanism is low.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The script also does not read environment variables or network endpoints. Its filesystem access is limited to writing the ideas/ subtree — appropriate for its purpose, except for the unsanitized idea_id issue noted above.
Persistence & Privilege
The skill is not force-included (always: false) and is user-invocable; it does not modify other skills or global agent settings. Its persistence is limited to creating and updating files in the repository workspace (the intended behavior).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install idea-capture - After installation, invoke the skill by name or use
/idea-capture - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial public release.
Metadata
Frequently Asked Questions
What is Idea Capture?
Capture or update an idea, append an update log, and write a session summary for later retrieval. It is an AI Agent Skill for Claude Code / OpenClaw, with 94 downloads so far.
How do I install Idea Capture?
Run "/install idea-capture" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Idea Capture free?
Yes, Idea Capture is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Idea Capture support?
Idea Capture is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Idea Capture?
It is built and maintained by kid0114 (@kid0114); the current version is v1.0.0.
More Skills