← 返回 Skills 市场
94
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install idea-capture
功能描述
Capture or update an idea, append an update log, and write a session summary for later retrieval.
使用说明 (SKILL.md)
Idea Capture
Use this skill when the user wants to save or update an idea/project discussion.
Storage
- Main idea doc:
ideas/\x3Cidea-id>.md - Session summaries:
ideas/summaries/\x3Cidea-id>/\x3Ctimestamp>.md - Human index:
ideas/INDEX.md - Machine catalog:
ideas/catalog.json
Inputs
Provide what you have:
titlesummarynotestagsmode:create|update|auto- optional
idea_id - optional
source - optional open questions / next steps
Matching rules
update: require an existing matchauto: preferidea_id, then normalized title/slug, else create- avoid duplicate idea files when a clear match exists
Behavior
Use scripts/idea_capture.py for the write/update work.
Example:
python3 skills/idea-capture/scripts/idea_capture.py \
--title "Desktop Pet OpenClaw" \
--summary "Turn OpenClaw into a desktop pet assistant" \
--notes "Need create/update/session-summary support." \
--tags ai,desktop,agent \
--mode auto \
--source qqbot
Expected result
Report:
- idea id
- created vs updated
- changed files
- session summary path
Guardrails
- Keep the main idea doc readable.
- Preserve update history.
- Put chronology in update logs / session summaries, not in long repeated prose.
安全使用建议
This skill generally does what it claims — it writes idea files, a human index, a catalog.json, and per-session summaries into an ideas/ directory. Before installing or allowing an agent to invoke it automatically, consider: 1) The script accepts an --idea-id and uses it directly to build file paths without sanitization; do not pass idea_id values from untrusted sources (they could include ../ to escape the ideas/ directory). 2) Only run this skill in workspaces you trust or where overwriting arbitrary files would not be harmful. 3) Recommended fixes: sanitize idea_id (e.g., run slugify on any supplied idea_id or explicitly reject path separators), or resolve and verify the target path is inside IDEAS_DIR (compare .resolve() parents). 4) If you plan to let an autonomous agent call this skill, restrict inputs and/or disable autonomous invocation until the path-handling is hardened. If you want, I can produce a small patch that enforces safe idea_id handling and prevents path traversal.
功能分析
Type: OpenClaw Skill
Name: idea-capture
Version: 1.0.0
The skill is designed to manage idea documents but contains a path traversal vulnerability in scripts/idea_capture.py. The --idea-id command-line argument is used to construct file paths (e.g., IDEAS_DIR / f"{idea_id}.md") without sanitization, which could allow an agent or user to write or overwrite files outside the intended ideas/ directory. While the logic aligns with the stated purpose of capturing ideas and lacks evidence of intentional malice, this lack of input validation is a high-risk flaw.
能力评估
Purpose & Capability
The name/description align with what the skill actually does: create/update idea Markdown files, session summaries, a human INDEX.md, and a catalog.json in a workspace-local ideas/ directory. There are no unrelated credentials, binaries, or network endpoints requested.
Instruction Scope
SKILL.md instructs the agent to run the included script with optional --idea-id input. The script writes files under a workspace ideas/ layout only, which is expected. However, the code uses the provided idea_id directly when constructing file paths (IDEAS_DIR / f"{idea_id}.md") without validating or sanitizing it. If an attacker or a misbehaving agent supplies a crafted idea_id containing path components (e.g., '../otherdir/evil'), the script could create or overwrite files outside the intended ideas/ directory. SKILL.md does not warn about this or restrict inputs.
Install Mechanism
This is an instruction-only skill with a bundled Python script; there is no install spec, no external downloads, and nothing is written to disk at install time beyond the skill's own files. Risk from install mechanism is low.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The script also does not read environment variables or network endpoints. Its filesystem access is limited to writing the ideas/ subtree — appropriate for its purpose, except for the unsanitized idea_id issue noted above.
Persistence & Privilege
The skill is not force-included (always: false) and is user-invocable; it does not modify other skills or global agent settings. Its persistence is limited to creating and updating files in the repository workspace (the intended behavior).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install idea-capture - 安装完成后,直接呼叫该 Skill 的名称或使用
/idea-capture触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial public release.
元数据
常见问题
Idea Capture 是什么?
Capture or update an idea, append an update log, and write a session summary for later retrieval. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 94 次。
如何安装 Idea Capture?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install idea-capture」即可一键安装,无需额外配置。
Idea Capture 是免费的吗?
是的,Idea Capture 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Idea Capture 支持哪些平台?
Idea Capture 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Idea Capture?
由 kid0114(@kid0114)开发并维护,当前版本 v1.0.0。
推荐 Skills