loughness

Idea Vault

Author: Liam · GitHub ↗ · v1.0.1
cross-platform ⚠ suspicious
377
Total downloads
0
Favorites
0
Current installs
2
Versions
Install in OpenClaw
/install idea-vault
Description
Save and organize links, notes, and timestamps into a searchable Idea Vault. Use when a user drops a YouTube/web link (or just notes), then says “/vault” or...
Usage (SKILL.md)

Idea Vault (Public)

A lightweight capture → organize → retrieve workflow.

Goal

Turn messy chat drops (links + rough notes + timestamps) into structured markdown entries and a searchable index.

One-time setup (required)

Run this once after cloning the skill so OpenClaw can execute it reliably:

cd ~/.openclaw/skills/idea-vault
python3 --version
python3 -m pip install -r requirements.txt

Environment setup (recommended):

cp .env.example .env
# then set IDEA_VAULT_TRANSCRIPTAPI_KEY and IDEA_VAULT_DIR in your shell/env manager

Notes:

  • Python 3 is required.
  • requests from requirements.txt is required.
  • IDEA_VAULT_TRANSCRIPTAPI_KEY is strongly recommended for reliable YouTube transcripts.
  • yt-dlp is optional fallback for some videos/environments.

Privacy and network behavior

This skill can make outbound network calls to:

  • youtube.com (video/transcript fallback paths)
  • transcriptapi.com (when IDEA_VAULT_TRANSCRIPTAPI_KEY is set)
  • source/asset URLs included in captured messages

Security notes:

  • The helper uses subprocess.run([...], shell=False) for yt-dlp (no shell string execution).
  • Do not use this skill with sensitive private chat content unless you are comfortable with these external calls.
  • Keep API keys in environment variables only; never commit secrets.

Inputs supported

  • YouTube links + notes + optional timestamps
  • Web links + notes
  • Note-only captures (no link)

Recommended path setup (portable)

Use an environment variable or local default path:

VAULT_DIR="${IDEA_VAULT_DIR:-$HOME/workspace/idea-vault}"
CACHE_DIR="$VAULT_DIR/_cache"

Core flow (triggered by /vault or vault)

  1. Read recent messages in the current chat.
  2. Extract the newest capture block.
  3. If source is YouTube, fetch transcript + optional clips around timestamps.
  4. Write summary/elaboration/tags/associations.
  5. Upsert into vault (append addendum on duplicate URL/video).

Commands

Extract capture

python3 ./scripts/idea_vault.py extract --user-id <author.id> --fallback-messages 30 < messages.json > capture.json

Fetch transcript (YouTube only)

Preferred source is TranscriptAPI via IDEA_VAULT_TRANSCRIPTAPI_KEY.

python3 ./scripts/idea_vault.py fetch --cache-dir "$CACHE_DIR" < capture.json > youtube.json

Save / upsert entry

python3 ./scripts/idea_vault.py upsert --vault-dir "$VAULT_DIR" < save_request.json > saved.json

Query vault

python3 ./scripts/idea_vault.py query --vault-dir "$VAULT_DIR" --limit 50
python3 ./scripts/idea_vault.py query --vault-dir "$VAULT_DIR" --since 2026-03-01
python3 ./scripts/idea_vault.py query --vault-dir "$VAULT_DIR" --channel "podcast" --text "pricing"

Annotate latest entry

python3 ./scripts/idea_vault.py annotate --vault-dir "$VAULT_DIR" --last --star true --priority high --add-tag actionable

save_request.json shape

{
  "capture": {"...": "from extract"},
  "source": {
    "kind": "youtube|web|note",
    "url": "https://... (optional)",
    "title": "string (optional)",
    "author": "string (optional)",
    "id": "string (optional)",
    "transcript_txt": "/path/to/transcript.txt (youtube only, optional)",
    "transcript_json": "/path/to/raw.json (youtube only, optional)",
    "clips": [{"center_sec": 123, "window_sec": 60, "text": "..."}]
  },
  "summary": "string",
  "elaboration": "string",
  "tags": ["tag"],
  "associations": [{"timestamp_sec": 1461, "note": "..."}]
}

Output layout

Under VAULT_DIR:

  • entries/YYYY/YYYY-MM-DD__<slug>__[<suffix>].md
  • transcripts/YYYY/<id>.transcript.txt (YouTube only)
  • assets/YYYY/MM/* (optional attachments)
  • index.json
  • _cache/

Agent response style after save

Reply with:

  • title + link
  • 3–6 concise bullets
  • relevant clips for flagged timestamps (if present)
  • saved file path
Security recommendations
This skill appears to do what it claims: capture chat drops and optionally fetch YouTube transcripts. Before installing: (1) confirm you are comfortable with outbound requests to YouTube and transcriptapi.com (the transcript API key is used for TranscriptAPI); (2) pick a safe VAULT_DIR and avoid storing sensitive private chat content there; (3) keep API keys in environment variables and out of commits; (4) review that downloading attachments (the script can save assets) fits your security policy; and (5) if you rely on yt-dlp, ensure that binary and any cookies you provide are trustworthy. The transcript API key being marked as primary in metadata but described as "recommended" in docs is a minor documentation mismatch—clarify whether the key is mandatory for your use case.
Functional analysis
Type: OpenClaw Skill · Name: idea-vault · Version: 1.0.1
The skill is classified as suspicious due to a path traversal vulnerability in `scripts/idea_vault.py` within the `cmd_save` function, where attachment filenames from user messages are used to construct local file paths without sanitization. The script also performs high-risk operations including downloading arbitrary files from URLs found in chat and executing external binaries (`yt-dlp`) via `subprocess.run`. While these capabilities are plausibly required for the stated purpose of creating a searchable 'Idea Vault,' the lack of input validation and the reliance on potentially attacker-influenced environment variables for binary paths create a significant security risk.
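The path traversal finding above comes from building a local path directly from an attachment filename. As an added example (not code from `scripts/idea_vault.py`), one way to confine attachment names to the `assets/YYYY/MM` layout under the vault directory; the helper name `safe_asset_path` and the sample filenames are hypothetical:

```python
import re
from pathlib import Path

# Characters allowed in a stored attachment name; everything else becomes "_".
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")


def safe_asset_path(vault_dir, year, month, filename):
    """Map an untrusted attachment filename to a path under
    <vault_dir>/assets/YYYY/MM (hypothetical helper, not the skill's code)."""
    base = (Path(vault_dir) / "assets" / f"{year:04d}" / f"{month:02d}").resolve()

    # Treat "\" like "/" so Windows-style names are split too, then keep
    # only the final component: directory parts from the sender are dropped.
    name = filename.replace("\\", "/").split("/")[-1]
    # Replace unexpected characters, strip leading dots (no "..", no dotfiles),
    # bound the length, and fall back to a fixed name if nothing is left.
    name = _UNSAFE.sub("_", name).lstrip(".")[:120] or "attachment"

    candidate = (base / name).resolve()
    # Defence in depth: resolve() follows symlinks, so a pre-existing link
    # inside the assets directory cannot redirect the write elsewhere.
    if base not in candidate.parents:
        raise ValueError(f"attachment path escapes assets dir: {filename!r}")
    return candidate


if __name__ == "__main__":
    # Constructed sample filenames, as they might arrive in a chat message.
    samples = ["diagram.png", "../../../.ssh/authorized_keys",
               "..\\..\\index.json", "....", "notes 2026?.md"]
    for sample in samples:
        print(repr(sample), "->", safe_asset_path("/tmp/idea-vault", 2026, 3, sample))
```

Opening the returned path with mode `"xb"` additionally prevents an attachment from overwriting a file that already exists in the assets directory.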
Capability assessment
Purpose & Capability
Name/description match the actual capabilities: extracting captures from chat, fetching YouTube transcripts, saving markdown entries and an index. Required binary (python3) and the transcript API key (IDEA_VAULT_TRANSCRIPTAPI_KEY) are expected for this functionality. Minor inconsistency: SKILL.md calls the transcript API key "strongly recommended" while registry metadata marks it as the primaryEnv, but this is a small documentation mismatch rather than a functional mismatch.
Instruction Scope
Runtime instructions are narrowly scoped to: reading recent chat messages (provided to the extractor via stdin/messages.json), fetching transcripts from YouTube/TranscriptAPI, creating local files under a vault directory, and optionally downloading attachments. The SKILL.md explicitly warns about external network calls and does not instruct reading unrelated system files or secrets.
Install Mechanism
There is no automatic install step in the registry (user runs pip install -r requirements.txt). The requirements are minimal (requests). No remote, untrusted archives or opaque installers are fetched by the install process declared in the skill; only user-invoked package installation is recommended.
Credentials
The skill declares a single primary credential (IDEA_VAULT_TRANSCRIPTAPI_KEY) which maps to the TranscriptAPI calls; other optional env vars (e.g., IDEA_VAULT_DIR, YTDLP-related vars) are mentioned but not required. This is generally proportionate, though the metadata/README wording about which vars are required vs. recommended is slightly inconsistent and should be clarified before deployment.
Persistence & Privilege
always:false and no code indicates modification of other skills or system-wide settings. The skill writes to a local vault directory (user-configurable) and caches transcripts; this is expected behavior and limited in scope.
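How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install idea-vault
  3. After installation, invoke the skill by name or trigger it with /idea-vault
  4. Provide the required inputs according to the skill's parameter description to get structured output
Version history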
v1.0.1
Added env/setup clarity, privacy disclosures, and removed hardcoded binary paths.
v1.0.0
Initial public release
Metadata
Slug idea-vault
Version 1.0.1
License
Total installs 0
Current installs 0
Historical versions 2
FAQ

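What is Idea Vault?

Save and organize links, notes, and timestamps into a searchable Idea Vault. Use when a user drops a YouTube/web link (or just notes), then says “/vault” or... It is an AI agent skill plugin for Claude Code / OpenClaw, with 377 total downloads to date.

How do I install Idea Vault?

Run the command "/install idea-vault" in the OpenClaw or Claude Code chat box for one-step installation; no additional configuration is required.

Is Idea Vault free?

Yes, Idea Vault is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Idea Vault support?

Idea Vault runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Idea Vault?

Developed and maintained by Liam (@loughness); the current version is v1.0.1.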
