← 返回 Skills 市场
337
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install koreader-highlights
功能描述
Use this skill when the user asks about reading highlights, book notes, annotations, or reading history from KOReader. Triggers: "what books", "show highligh...
使用说明 (SKILL.md)
KOReader Highlights Skill
\x3CIMPORTANT> NEVER put commands, code, JSON, file paths, or errors in your reply to the user. Run all commands via your tool/bash function. Only reply with clean human-readable text. If something fails, say it in plain words without technical details. \x3C/IMPORTANT>
Step 1: Find the highlights directory
Run this via your tool (NOT in your reply):
find ~/Dropbox/Apps -name "*.sdr.json" -maxdepth 2 2>/dev/null | head -5
- If results come back, the directory is the parent folder of those files.
- If nothing comes back, ask the user: "I couldn't find your KOReader highlights. What's the name of your HighlightSync folder under Dropbox/Apps?"
- Save the discovered path in
MEMORY.mdfor future sessions.
Step 2: List books
Run via tool:
ls ~/Dropbox/Apps/\x3CAPP_NAME>/*.sdr.json 2>/dev/null
Each .sdr.json file = one book. The book title is the filename without .sdr.json.
Example: Designing Data-Intensive Applications.sdr.json → book title is "Designing Data-Intensive Applications"
Reply to user like: "You have 5 books in your library: ..." (list the titles)
Step 3: Read highlights from a book
Run via tool:
python3 -c "
import json
with open('\x3CFULL_PATH_TO_FILE>') as f: data=json.load(f)
for h in data: print(h.get('datetime',''), '|', h.get('chapter',''), '|', h.get('pageno',''), '|', h.get('text','')[:200])
"
Reply with the highlights formatted naturally:
- "From chapter X, page Y (March 6, 2026): [highlight text]"
Step 4: Search across all books
Run via tool:
python3 -c "
import json, glob, os
for f in glob.glob(os.path.expanduser('~/Dropbox/Apps/\x3CAPP_NAME>/*.sdr.json')):
title = os.path.basename(f).replace('.sdr.json','')
data = json.load(open(f))
for h in data:
if '\x3CSEARCH_TERM>'.lower() in h.get('text','').lower() or '\x3CSEARCH_TERM>'.lower() in h.get('notes','').lower():
print(title, '|', h.get('pageno',''), '|', h.get('text','')[:200])
"
Step 5: Latest highlights
Run via tool:
python3 -c "
import json, glob, os
all_h = []
for f in glob.glob(os.path.expanduser('~/Dropbox/Apps/\x3CAPP_NAME>/*.sdr.json')):
title = os.path.basename(f).replace('.sdr.json','')
data = json.load(open(f))
for h in data:
if h.get('datetime'): all_h.append((h['datetime'], title, h.get('chapter',''), h.get('pageno',''), h.get('text','')))
all_h.sort(reverse=True)
for dt,t,ch,pg,tx in all_h[:10]: print(dt, '|', t, '|', ch, '|', pg, '|', tx[:200])
"
.sdr.json format
Each file is a flat JSON array. Here is a real example:
[{"datetime":"2026-03-06 18:42:42","chapter":"Why You Might Need a Sharded Cache","pageno":192,"page":"/body/DocFragment[25]/body/p[41]/text().0","text":"in Why You Might Need a Sharded Cache"},{"datetime":"2026-03-07 09:07:13","pageno":192,"page":"/body/DocFragment[25]/body/p[48]/text().10","drawer":"lighten","chapter":"Why You Might Need a Sharded Cache","pos0":"/body/DocFragment[25]/body/p[48]/text().10","pos1":"/body/DocFragment[25]/body/p[49]/text().33","text":"the primary reason for sharding any service is to increase the size of the\
data being stored in the service.","color":"gray"}]
Fields you SHOW to the user: text, datetime, chapter, pageno, notes (if present).
Fields you IGNORE (internal, never show): page, drawer, color, pos0, pos1.
Notes:
- Field order is NOT fixed — fields can appear in any order within an entry.
drawer,color,pos0,pos1are optional — not every entry has them.notesis optional — only present when the user wrote an annotation.textmay contain\newlines.
Error handling
If ANY command fails, NEVER show the error to the user. Instead say one of:
- "I couldn't find your highlights directory. Is Dropbox synced?"
- "I couldn't read that book's highlights. The file might be empty or corrupted."
- "No highlights matched your search."
- "I ran into a problem reading your data. Could you check if the file exists?"
Must refuse
- Modify, delete, or write any file (except workspace memory)
- Anything unrelated to book highlights
- Creating scripts or files on disk
- Network operations
安全使用建议
This skill appears to do what it says: read KOReader HighlightSync (.sdr.json) files in a Dropbox-synced folder, list books, search highlights, and save the discovered folder and simple preferences in workspace memory. Before installing, confirm: (1) you are comfortable with the agent reading files under ~/Dropbox/Apps (it does not require Dropbox credentials or network access); (2) it will write small workspace files (MEMORY.md and USER.md) to remember the path and preferences; (3) it performs 'silent' shell/python commands and will not show command output or errors to you (errors are summarized in human language); and (4) it may run heartbeat checks that inspect file modification times to detect new highlights. If any of those behaviors are unacceptable (for example, you don't want any automated file checks or you keep highlights in a different location), do not install or provide an alternate folder location when prompted.
功能分析
Type: OpenClaw Skill
Name: koreader-highlights
Version: 1.0.1
The skill is designed to retrieve and search KOReader highlights from Dropbox, but it contains significant command injection vulnerabilities in SKILL.md. Specifically, user-provided search terms and file paths are interpolated directly into inline `python3 -c` commands without any sanitization, allowing for arbitrary code execution. Furthermore, the instructions in AGENTS.md and SKILL.md strictly forbid the agent from displaying technical details, commands, or error messages to the user, which would effectively hide the results of any exploitation or malicious activity from the user's view.
能力评估
Purpose & Capability
Name and description (KOReader highlights) match the actions the skill requests: searching ~/Dropbox/Apps for .sdr.json files, listing them, loading JSON, and searching/highlighting entries. No unrelated credentials, binaries, or network access are required.
Instruction Scope
SKILL.md and supporting docs instruct the agent to run local shell/python commands to find and read .sdr.json files under ~/Dropbox/Apps and to save the discovered path and preferences into workspace memory files (MEMORY.md, USER.md). This is within scope, but the skill enforces 'silent execution' (never show commands/paths/errors) and includes heartbeat/periodic checks which imply the agent will check filesystem modification times; users should be aware the agent will read Dropbox-local files and file metadata automatically.
Install Mechanism
Instruction-only skill with no install spec or external downloads. No code files executed from remote sources; inline python -c and standard shell utilities are used at runtime (expected for a local read-only data extractor).
Credentials
The skill requests no environment variables, tokens, or external credentials. Its access is limited to reading local Dropbox-synced files and writing its own workspace memory files, which is proportionate to the described functionality.
Persistence & Privilege
always is false and the skill does not request special platform privileges. It does expect to update its own memory files (MEMORY.md, USER.md) and run periodic heartbeat checks that inspect file modification times; this is reasonable for a 'remember the Dropbox path' use case but users should know the skill will read file metadata on heartbeats and persist small workspace state.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install koreader-highlights - 安装完成后,直接呼叫该 Skill 的名称或使用
/koreader-highlights触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- Major update: user replies are now strictly human-readable only — no commands, code, file paths, or technical details are displayed.
- Clearer step-by-step workflow for finding and reading KOReader highlights, with specific instructions for book listing, searching, and highlight summary.
- Improved error handling: instead of showing errors or technical output, users see plain, friendly messages if something goes wrong.
- All supported fields and file format details clarified; only user-relevant data is ever shown, with internal fields ignored.
- The skill continues to be read-only and focused solely on KOReader highlight data.
v1.0.0
KOReader Highlights skill – initial release:
- Lets you browse, search, and analyze highlights, annotations, and reading notes exported by KOReader using locally synced `.sdr.json` files.
- Handles user questions about their reading history, book notes, favorite passages, and reading stats from KOReader or the HighlightSync plugin.
- Strictly read-only: can only retrieve and summarize highlights; cannot change or delete any data.
- Answers only questions related to book highlights, annotations, and reading metadata; refuses unrelated tasks.
元数据
常见问题
koreader-highlights 是什么?
Use this skill when the user asks about reading highlights, book notes, annotations, or reading history from KOReader. Triggers: "what books", "show highligh... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 337 次。
如何安装 koreader-highlights?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install koreader-highlights」即可一键安装,无需额外配置。
koreader-highlights 是免费的吗?
是的,koreader-highlights 完全免费(开源免费),可自由下载、安装和使用。
koreader-highlights 支持哪些平台?
koreader-highlights 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 koreader-highlights?
由 myugan(@myugan)开发并维护,当前版本 v1.0.1。
推荐 Skills