← 返回 Skills 市场
96
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install notetaker-pro
功能描述
AI note-taking assistant that captures, cleans, organizes, tags, and indexes text, voice, paste, and photo inputs for instant, searchable notes.
安全使用建议
This package looks like a legitimate note-taking skill, but do not run its setup blindly. Before installing: 1) Inspect SETUP-PROMPT commands and avoid pasting the whole block directly into an agent — run the mkdir/chmod/cp steps yourself from a trusted shell and verify the paths the find commands match. 2) Disable or restrict automatic URL fetching: require explicit confirmation before the agent fetches any user-supplied URL, add an allowlist, and block loopback/private addresses to avoid SSRF. 3) Confirm you are comfortable granting the agent network access at all (the skill can operate locally; networked dashboard/sync features are optional and will require separate credentials). 4) Review scripts/export-notes.sh and run it in a controlled environment (it contains safety checks but should be audited in your environment). 5) Remember the SKILL.md includes prompt-injection defense wording (it intentionally contains phrases like 'ignore previous instructions' to teach the agent to ignore such content) — that flagged scanners but is defensive. If you need higher assurance, consider running the agent with limited network permissions or manually implementing the recommended URL safety policy and tightening the setup copy workflow before enabling the skill.
功能分析
Type: OpenClaw Skill
Name: notetaker-pro
Version: 1.0.0
NoteTaker Pro is a well-structured note-taking skill that includes multi-modal intake, auto-organization, and export capabilities. The bundle demonstrates significant security awareness, featuring explicit prompt-injection defenses in SKILL.md and path-traversal protections within the export script (scripts/export-notes.sh). The setup process (SETUP-PROMPT.md) correctly implements restrictive file permissions (chmod 600/700) for user data. While the skill possesses high-privilege capabilities like web fetching and shell execution, these are functionally justified and accompanied by safeguards, with no evidence of malicious intent or unauthorized data exfiltration.
能力评估
Purpose & Capability
Name/description match the files and instructions: multi-modal note capture, auto-organization, tagging, export. No unrelated credentials or binaries are requested. Dashboard/sync components refer to optional integrations (Supabase/dashboard) but those require additional configuration not declared as required environment variables.
Instruction Scope
SKILL.md stays within note-taking scope for most operations, but allows 'web_fetch' of user-provided URLs without a stated allowlist or host-scheme restrictions (SSRF risk). The SETUP-PROMPT copies files using broad find/cp commands which can inadvertently copy attacker-controlled files if run from an untrusted working directory. The skill does explicitly include prompt-injection defense language (treat ingested content as data), which is good, but the instructions still contain an automated web fetch path and broad file-copy steps that expand the agent's reach beyond local note processing.
Install Mechanism
No install spec (instruction-only) and only one included shell utility (export-notes.sh). There are no remote downloads or third-party package installs in the package. The export script appears to include filesystem safety checks (realpath normalization, category sanitization) and uses standard patterns.
Credentials
The package requests no environment variables or credentials. However the dashboard/dashboard-kit documentation and sync architecture describe upserting to Supabase and Next.js API endpoints — those operations would require credentials if the optional dashboard/sync features are enabled. The base skill itself does not request those creds, but enabling the dashboard later will require additional secrets and network access.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. The setup prompt instructs copying skill files into config and scripts directories and creating data/ directories inside the user's workspace, which is normal for a skill that stores local data. It does not modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install notetaker-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/notetaker-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
notetaker-pro 是什么?
AI note-taking assistant that captures, cleans, organizes, tags, and indexes text, voice, paste, and photo inputs for instant, searchable notes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 96 次。
如何安装 notetaker-pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install notetaker-pro」即可一键安装,无需额外配置。
notetaker-pro 是免费的吗?
是的,notetaker-pro 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
notetaker-pro 支持哪些平台?
notetaker-pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 notetaker-pro?
由 Nollio(@nollio)开发并维护,当前版本 v1.0.0。
推荐 Skills