← Back to Skills Marketplace
132
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install siyuan-note
Description
思源笔记(SiYuan Note)本地 API 操作助手。用于读写笔记本、文档、块、搜索、模板、SQL 查询等本地笔记操作。触发场景:用户提到"思源笔记"、"SiYuan"、"帮我创建文档"、"搜索笔记"、"查询数据库"等。
Usage Guidance
This skill appears to be a legitimate SiYuan local-API helper, but consider the following before installing: (1) it expects and will use an API token (SIYUAN_TOKEN) even though the metadata doesn't declare it — treat that token as sensitive and confirm you want the skill/agent to have it; (2) the skill permits running arbitrary SQL against your local notes database (read and write) — review and restrict that capability if you don't want broad access or accidental data modification; (3) inspect the included scripts yourself (scripts/siyuan.py) to confirm behavior meets your expectations; and (4) if you proceed, prefer providing the token only when necessary, or require an explicit credential declaration/approval to reduce accidental token exposure.
Capability Analysis
Type: OpenClaw Skill
Name: siyuan-note
Version: 1.0.0
The skill provides a comprehensive interface for interacting with the local SiYuan Note API, including document management and raw SQL queries. It is classified as suspicious due to significant SQL injection vulnerabilities in `scripts/siyuan.py` and `SKILL.md`, where user-supplied input is directly interpolated into SQL strings (e.g., in the `search` and `search_titles` functions). Additionally, the skill exposes high-risk capabilities such as file deletion and a network forward proxy feature documented in `references/api.md`, which could be exploited if the agent is subjected to prompt injection.
Capability Assessment
Purpose & Capability
The name/description match the code and documentation: the SKILL.md, reference doc, and scripts all target the local SiYuan Note API (127.0.0.1:6806) and expose notebook/document/block/SQL operations as advertised.
Instruction Scope
Instructions stay within the stated domain (local SiYuan API calls). However the skill explicitly enables arbitrary SQL execution and shows examples of constructing SQL with direct string interpolation, which gives broad read/write access to the note database and can be used to exfiltrate or modify all notes. This is functionally consistent with the stated capability but is powerful and potentially dangerous if misused.
Install Mechanism
No install spec is provided (instruction-only), and included code is a small helper script that depends only on the widely used 'requests' library. There are no external downloads or obscure install steps.
Credentials
The script reads the SIYUAN_TOKEN environment variable and the SKILL.md shows Authorization: Token usage, but the skill metadata declares no required env vars or primary credential. That mismatch (code/instructions accessing a sensitive token while metadata doesn't list it) is an incoherence that could lead users to miss that a secret will be accessed. The token itself is appropriate for this integration, but it should be declared explicitly.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistence, and it does not attempt to modify other skills or system-wide configs. Default autonomous invocation is allowed (platform default) but is not combined with other broad privileges here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install siyuan-note - After installation, invoke the skill by name or use
/siyuan-note - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
SiYuan Note API Skill 1.0.0 — initial release:
- Provides local API helper for SiYuan Note, enabling notebook/document/block CRUD, search, templates, and SQL queries.
- Supports common workflows like creating documents, searching notes, appending content, and using templates.
- Includes concise API usage examples with required authentication (Token).
- Lists key SQL query patterns and important usage restrictions.
- All endpoints are for local use; SiYuan Note must be running locally.
Metadata
Frequently Asked Questions
What is Siyuan Note?
思源笔记(SiYuan Note)本地 API 操作助手。用于读写笔记本、文档、块、搜索、模板、SQL 查询等本地笔记操作。触发场景:用户提到"思源笔记"、"SiYuan"、"帮我创建文档"、"搜索笔记"、"查询数据库"等。 It is an AI Agent Skill for Claude Code / OpenClaw, with 132 downloads so far.
How do I install Siyuan Note?
Run "/install siyuan-note" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Siyuan Note free?
Yes, Siyuan Note is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Siyuan Note support?
Siyuan Note is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Siyuan Note?
It is built and maintained by 莫循 (@moxunjinmu); the current version is v1.0.0.
More Skills