← 返回 Skills 市场

PDF 转 GetNotes

Name: PDF 转 GetNotes
Author: pieces201020

作者 pieces201020 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install pdf-to-getnote

功能描述

当用户发送 PDF 文件并要求存入 GetNotes 时触发。执行完整流程：PDF 转图片 → AI 摘要生成 → 创建含摘要和全图片的单一笔记。触发词包括「PDF存到GetNotes」「PDF导入GetNotes」「把这个PDF存笔记里」。

安全使用建议

This skill performs the expected PDF → images → upload → create-note flow, but note these issues before installing: - Credentials & config are not declared: The script reads GetNotes credentials from ~/.openclaw/openclaw.json, yet the registry lists no required env vars or config paths. Expect to provide sensitive API credentials in that file if you use it. - Embedded API key in docs: references/full_sop.md includes an apparent API key and client ID. Treat those as secrets; if they are live, they should be rotated and removed from the package. Do not assume those values are safe to keep. - Data exfiltration risk: PDF pages (your document contents) are uploaded to openapi.biji.com. Only run this on non-sensitive documents or after confirming the service's privacy/security stance. - Testing recommendation: Audit the included script (scripts/run_pdf_to_getnote.py) locally, test with a throwaway PDF and a dedicated/limited GetNotes API key, and verify that the credentials the skill reads are the ones you expect. - Remediation suggestions: Ask the publisher to (1) declare required config paths/env vars in the registry metadata, (2) remove any hard-coded credentials from documentation, and (3) make credential input explicit (e.g., instruct user to provide keys rather than embedding them). If you cannot validate these fixes, treat the skill as untrusted and avoid giving it real credentials or sensitive PDFs.

功能分析

Type: OpenClaw Skill Name: pdf-to-getnote Version: 1.0.0 The skill facilitates PDF-to-note conversion but exhibits high-risk behaviors, primarily by reading the global OpenClaw configuration file (~/.openclaw/openclaw.json) which contains credentials for all installed skills (scripts/run_pdf_to_getnote.py). It also uses subprocess.run to execute curl for data uploads and contains a hardcoded API key and Client ID within its documentation (references/full_sop.md). While these actions appear aligned with the stated purpose of interacting with the GetNote API (openapi.biji.com), the broad file access and execution patterns are risky.

能力标签

requires-oauth-token

能力评估

⚠ Purpose & Capability

The skill's stated purpose (PDF → GetNotes) matches the code and instructions. However, the registry metadata declares no required credentials or config paths, while SKILL.md and the script explicitly read GetNotes credentials from ~/.openclaw/openclaw.json. The skill therefore requires access to user credentials that are not declared in the metadata, which is an incoherence.

⚠ Instruction Scope

Runtime instructions and the script read a user config file (~/.openclaw/openclaw.json), convert local PDFs to images under /tmp, call an internal model (MiniMax-M2) for summaries, upload images to openapi.biji.com, and create notes. Reading the user's home config file and uploading PDF pages (potentially sensitive content) to a third-party endpoint are within the skill's functional scope but the SKILL.md also gives the agent authority to access files and credentials not declared in metadata — this lack of explicit declaration is a scope/consent issue.

✓ Install Mechanism

No install spec; skill is instruction-only plus a Python script included. Nothing is downloaded or executed from unknown external URLs. Risk from install mechanism is low.

⚠ Credentials

The code requires GetNotes API credentials (apiKey and GETNOTE_CLIENT_ID) stored in ~/.openclaw/openclaw.json, but the registry lists no required env vars or config paths. Worse, references/full_sop.md contains a seemingly real API Key and Client ID embedded in the file — embedding credentials in distributed docs is a serious issue (leak or stale credentials). The optional MINIMAX_API_KEY is mentioned but not declared. Overall, requested credential access is plausible for the task but is not properly declared and sensitive data appears hard-coded in the files.

✓ Persistence & Privilege

The skill is user-invocable and not always-enabled. It does not request persistent platform-wide privileges, does not modify other skills, and does not set itself to always: true. Privilege level is appropriate.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install pdf-to-getnote
安装完成后，直接呼叫该 Skill 的名称或使用 /pdf-to-getnote 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of the "pdf-to-getnote" skill. - Automatically converts PDFs to notes in GetNotes with AI-generated summaries and embedded images. - Supports user trigger phrases: 「PDF存到GetNotes」「PDF导入GetNotes」「把这个PDF存笔记里」. - Implements full workflow: PDF to images (PyMuPDF, 2x zoom) → text extraction → AI summary (MiniMax-M2) → image upload → note creation. - Notes are created using "plain_text" type with Markdown-embedded images to work around API limitations. - Credentials are read securely from ~/.openclaw/openclaw.json; no hardcoded keys.

元数据

Slug pdf-to-getnote

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

PDF 转 GetNotes 是什么？

当用户发送 PDF 文件并要求存入 GetNotes 时触发。执行完整流程：PDF 转图片 → AI 摘要生成 → 创建含摘要和全图片的单一笔记。触发词包括「PDF存到GetNotes」「PDF导入GetNotes」「把这个PDF存笔记里」。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 77 次。

如何安装 PDF 转 GetNotes？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pdf-to-getnote」即可一键安装，无需额外配置。

PDF 转 GetNotes 是免费的吗？

是的，PDF 转 GetNotes 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

PDF 转 GetNotes 支持哪些平台？

PDF 转 GetNotes 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 PDF 转 GetNotes？

由 pieces201020（@pieces201020）开发并维护，当前版本 v1.0.0。