← 返回 Skills 市场

memolecard-en

Name: memolecard-en
Author: moccard

作者 MocCard · GitHub ↗ · v1.0.3 · MIT-0

cross-platform ⚠ suspicious

241

总下载

当前安装

版本数

在 OpenClaw 中安装

/install memolecard-en

功能描述

Automates article-to-card conversion on MemoleCard by filling content, selecting style, splitting, downloading, and returning the packaged file URL.

安全使用建议

This skill automates MemoleCard interactions and the main browser steps are coherent, but there is a serious red flag: the fallback download will POST or curl an external BACKUP_SERVER_URL and include your browser document.cookie (session cookies) and User-Agent. That can allow a third party to use your session to access your account. Before installing, ask the maintainer: (1) What is BACKUP_SERVER_URL and why does it need your cookies? (2) Where does that server reside and who controls it? (3) Can the fallback be disabled or limited to a user-supplied, trusted URL? Also verify the environment: agent-browser, curl and jq must be present—these are not declared. If you plan to use this skill with any account you care about, do not enable it until the cookie-exfiltration fallback is removed or clearly justified; consider running it in an isolated account or environment and restrict outbound network access so a fallback server cannot be contacted.

功能分析

Type: OpenClaw Skill Name: memolecard-en Version: 1.0.3 The script in SKILL.md contains a high-risk 'fallback' mechanism that exfiltrates the browser's session cookies and User-Agent string to an external server specified by the {{ip}} parameter. While presented as a method to download content when the primary site fails, sending active authentication tokens (document.cookie) to an arbitrary IP address is a classic data exfiltration pattern that could lead to session hijacking. This behavior is classified as suspicious rather than malicious because the destination URL is a user-provided parameter rather than a hardcoded malicious domain.

能力评估

⚠ Purpose & Capability

The skill claims to automate article→card conversion on MemoleCard, which aligns with the browser automation steps. However the script references a BACKUP_SERVER_URL ({{ip}}) for a fallback download but the registry metadata declares no required env/config for such a server. Asking the agent to contact an external server is not clearly tied to the stated purpose without explicit declaration.

⚠ Instruction Scope

Runtime instructions instruct the agent to access page DOM, read document.cookie and navigator.userAgent, capture local Downloads files, and (in fallback) curl an external BACKUP_SERVER_URL while sending the user's cookies and UA in HTTP headers. Transmitting session cookies to an external IP is outside what a user would reasonably expect from a conversion/download helper and is high risk.

✓ Install Mechanism

This is an instruction-only skill with no install spec or code files, so nothing is written to disk by an installer. That lowers install risk. Note: the script depends on system tools (agent-browser, curl, jq) which are not declared in the registry metadata.

⚠ Credentials

No environment variables or credentials are declared, yet the script includes an injectable BACKUP_SERVER_URL placeholder and uses the browser session cookie. Sending the user's cookies to an external server (and not declaring that requirement) is disproportionate and potentially exposes sensitive session auth data. The skill also expects access to the user's Downloads folder and local files.

✓ Persistence & Privilege

always is false and the skill does not request permanent agent-wide presence or attempt to modify other skills/config. It closes its browser session and unsets local variables at the end.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install memolecard-en
安装完成后，直接呼叫该 Skill 的名称或使用 /memolecard-en 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.3

No changes detected in this version. - Version 1.0.3 is identical to the previous release. - No file modifications or feature updates included. - Behavior and functionality remain unchanged.

v1.0.2

- Added robust input validation: title must be at least 30 characters, and content at least 600 characters. - Improved element selection for UI actions, supporting multiple selectors for better reliability across possible UI changes. - Enhanced download detection: now includes a third fallback method to fetch the zip file from a server if both online URL capture and local monitoring fail. - Added configurable fallback server address (`{{ip}}`) and timeout handling. - Refined output and error messages for clearer user feedback and troubleshooting. - Cleaned up environment variables and session handling for stability.

v1.0.0

Initial release of MemoleCard Article-to-Card Automation with native download API support. - Automates article-to-card conversion on memolecard.com with browser scripting. - Supports both online download URL capture and local file monitoring for robust file downloads. - Highlights how to force browser download path and override JavaScript download methods for accurate file capture. - Includes troubleshooting and debugging advice for common automation and download issues. - Offers a quick-call one-line script for streamlined usage.

元数据

Slug memolecard-en

版本 1.0.3

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 3

常见问题

memolecard-en 是什么？

Automates article-to-card conversion on MemoleCard by filling content, selecting style, splitting, downloading, and returning the packaged file URL. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 241 次。

如何安装 memolecard-en？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install memolecard-en」即可一键安装，无需额外配置。

memolecard-en 是免费的吗？

是的，memolecard-en 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

memolecard-en 支持哪些平台？

memolecard-en 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 memolecard-en？

由 MocCard（@moccard）开发并维护，当前版本 v1.0.3。