cryptocana

Nova Letters

Author: Novaiok · GitHub · v0.1.0
cross-platform ⚠ suspicious
Total downloads: 533
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install nova-letters
Description
Write reflective letters to your future self. Capture what matters across sessions.
Safe-use recommendations
This skill appears to be a simple local CLI that saves and reads markdown 'letters' in ~/.openclaw/workspace/letters and does not access the network or request secrets. Before installing, note the documentation mismatches: SKILL.md/README list a 'today' command and claim timezone autodetection/NODE_TZ support, but the shipped CLI uses a 'read' command (which reads today by default) and hardcodes America/New_York for timestamps. Also confirm you are comfortable with the tool creating and appending files under ~/.openclaw/workspace/letters. If you want to use it in automation, test the actual commands (read vs today) and consider editing the source to respect your timezone or NODE_TZ if needed. If you have strict security requirements, run the CLI under a limited account and inspect the file path and code locally before installing globally.
Functional analysis
Type: OpenClaw Skill
Name: nova-letters
Version: 0.1.0
The skill's stated purpose of helping an AI agent write and read reflective letters is benign. However, the `nova-letters.js` script contains a path traversal vulnerability in its `readLetter` function. The `date` argument, which is used to construct the filename, is not sanitized, allowing an attacker or a compromised agent to read arbitrary files outside the intended `~/.openclaw/workspace/letters/` directory (e.g., `nova-letters read ../../../etc/passwd`). This critical information disclosure vulnerability makes the skill suspicious, as it allows for unauthorized access to system files.
Capability assessment
Purpose & Capability
Name/description match the code and files: the package implements a local CLI that writes, lists, reads, and searches daily markdown letter files under ~/.openclaw/workspace/letters. It does not request unrelated credentials or external services.
Instruction Scope
SKILL.md/README claim commands like 'nova-letters today' and describe auto-detected timezone / NODE_TZ configuration, but the implementation exposes 'read' (which defaults to today when no date is provided) rather than a 'today' subcommand, and the code hardcodes the 'America/New_York' timezone instead of honoring NODE_TZ. These are documentation/UX inconsistencies (not unexpected malicious behavior) but will confuse users and scripts.
Install Mechanism
No install specification in the registry; package.json provides a CLI entrypoint and the README suggests npm or a platform installer. Nothing is downloaded at runtime and there are no external install URLs, so install risk is low.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code only reads the user's home directory (os.homedir()) to store files under ~/.openclaw/workspace/letters, which is proportionate to its purpose.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges. It creates a directory and writes files under the user's home directory (normal for a local CLI). It does not modify other skills or system-wide configs.
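How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install nova-letters
  3. Once installation completes, invoke the Skill by name or trigger it with /nova-letters
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history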
v0.1.0
nova-letters 0.1.0 — Initial release
- Write reflective letters to your future self, capturing key moments and thoughts across sessions.
- Letters are saved daily as markdown files in `~/.openclaw/workspace/letters/`, each entry timestamped.
- Commands to write, read, list, and watch letters; supports reading today's or any specific day's letters.
- Designed for meaning over logging: focus on reflections, not just facts.
- Integrates easily with OpenClaw workflows and scripts.
Metadata
Slug nova-letters
Version 0.1.0
License
Total installs 0
Current installs 0
Historical versions 1
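FAQ

What is Nova Letters?

Write reflective letters to your future self. Capture what matters across sessions. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 533 total downloads to date.

How do I install Nova Letters?

Run the command "/install nova-letters" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration required.

Is Nova Letters free?

Yes, Nova Letters is completely free (free and open source) and can be downloaded, installed, and used freely.

Which platforms does Nova Letters support?

Nova Letters is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Nova Letters?

It is developed and maintained by Novaiok (@cryptocana); the current version is v0.1.0.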
