← 返回 Skills 市场
2204
总下载
0
收藏
2
当前安装
2
版本数
在 OpenClaw 中安装
/install notnative
功能描述
Use Notnative MCP server for complete AI assistant integration with notes, calendar, tasks, Python, canvas, and permanent memory. This skill provides persist...
安全使用建议
This skill implements a WebSocket client that sends and retrieves persistent memories from a NotNative MCP server. Before installing or using it:
- Understand that SKILL.md requires the assistant to ALWAYS persist user personal facts (preferences, name, allergies, etc.). If you install, the assistant may record such information permanently to the configured NotNative server.
- The install script will run npm install, create ~/.config/env, add an export to your ~/.bashrc, and add a symlink in ~/.local/bin. Review the install.sh and only run it if you trust these changes.
- The skill transmits data over a WebSocket URL that you provide; do not point it at an untrusted remote server. If you must use a remote server, confirm its trustworthiness and data retention policy.
- Note a transparency issue: the manifest did not declare NOTNATIVE_WS_URL even though the runtime uses and persists it. Ask the maintainer to update metadata to list required env vars and document privacy/retention behavior.
- If you have privacy concerns, do not provide personal or sensitive information to the assistant while this skill is active, or avoid installing the skill. Consider isolating the NotNative server locally (localhost) if you want local-only persistence.
- If you need more assurance, request the upstream project/source code provenance and whether server-side MCP tool implementations have access controls or auditing for stored memory.
功能分析
Type: OpenClaw Skill
Name: notnative
Version: 1.0.1
The skill is suspicious due to several high-risk capabilities and a significant prompt injection vulnerability. The `SKILL.md` file contains strong directives for the AI agent to "ALWAYS" remember and recall user preferences and facts, making it highly susceptible to prompt injection attacks via the `memory_store` tool. Furthermore, the skill explicitly exposes a `run_python` tool (via `scripts/mcp-client.js`), allowing arbitrary Python code execution, which presents a direct Remote Code Execution (RCE) risk if exploited through prompt injection or direct user input. The `install.sh` script also modifies the user's `.bashrc` for configuration, which is a sensitive system modification, though for a stated purpose.
能力评估
Purpose & Capability
Name, description, and included files (a WebSocket MCP client) align with the stated purpose of connecting to a NotNative MCP server for notes/memory/calendar/tasks/Python/canvas. Required binaries (node, curl) and the dependency on the 'ws' npm package are expected for a WebSocket client.
Instruction Scope
SKILL.md mandates that the assistant 'ALWAYS' store user personal facts and search memory before responding. That gives the skill broad discretion to persist arbitrary user-provided personal data. The runtime instructions and client send data over a user-specified WebSocket to a NotNative server (local or remote), which means arbitrary user content can be transmitted off-host. The SKILL.md also references the NOTNATIVE_WS_URL environment variable but the registry metadata did not list any required env vars, creating a transparency gap.
Install Mechanism
There is no remote binary download; install.sh runs npm install (fetching 'ws' from the npm registry), makes the client executable, writes a .config/env file, creates a symlink in ~/.local/bin, and appends an export to ~/.bashrc. These actions are common for CLI tools but do modify user shell configuration and install files to the home directory—users should be aware and review the install script before running it.
Credentials
The skill runtime uses NOTNATIVE_WS_URL (and the install script persists that value into .config/env and ~/.bashrc) but the skill metadata did not declare any required env vars. While no unrelated cloud credentials are requested, the omission is an inconsistency that reduces transparency about where memories will be sent. The core capability (persistent memory) justifies needing a server URL, but the manifest should declare it.
Persistence & Privilege
The install script persists configuration (writes .config/env and appends NOTNATIVE_WS_URL to ~/.bashrc) and creates a symlink in ~/.local/bin, giving the skill ongoing presence on the host. More importantly, SKILL.md instructs the assistant to permanently store user personal facts in memory (by design for this skill), which increases the privacy and exfiltration risk if the configured NotNative server is remote or untrusted.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install notnative - 安装完成后,直接呼叫该 Skill 的名称或使用
/notnative触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
**Permanent memory and persistent user context are now enabled via NotNative/Memory tools.**
- Added install.sh script for easier installation and configuration.
- Removed package-lock.json.
- Introduced mandatory, persistent memory instructions—memory tools (store/recall) must now be used for all user facts and preferences.
- Updated documentation to emphasize use of permanent memory and context recall.
- Clarified environment variables and configuration for local/remote server connections.
- Expanded metadata with requirements and homepage link.
v1.0.0
Initial release: Connect to Notnative MCP WebSocket server for note management, calendar, tasks, Python execution, and canvas operations
元数据
常见问题
Notnative 是什么?
Use Notnative MCP server for complete AI assistant integration with notes, calendar, tasks, Python, canvas, and permanent memory. This skill provides persist... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2204 次。
如何安装 Notnative?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install notnative」即可一键安装,无需额外配置。
Notnative 是免费的吗?
是的,Notnative 完全免费(开源免费),可自由下载、安装和使用。
Notnative 支持哪些平台?
Notnative 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Notnative?
由 k4ditano(@k4ditano)开发并维护,当前版本 v1.0.1。
推荐 Skills