← 返回 Skills 市场
yushimohuang

quick-note-tool

作者 yushimohuang · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
643
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install quick-note-tool
功能描述
Fast note-taking and snippet storage. Use when user says "note:", "remember this", "save snippet", "quick note", or wants to save/read short text snippets.
安全使用建议
This skill appears to be a simple local notes utility and is internally coherent. Before installing: (1) be aware notes are stored in workspace_root/notes/quick-notes.md — don’t put secrets there if you need them protected; (2) the SKILL.md references a PowerShell script (note.ps1) that is not included — Windows support may be incomplete; (3) the script creates a backup file (quick-notes.md.bak) when deleting notes — check and clean backups if needed; (4) review the script yourself if you have strict security requirements (it uses grep, sed, cp and modifies files in the workspace but makes no network calls). If you plan to store sensitive data, prefer an encrypted storage solution instead of plaintext notes.
功能分析
Type: OpenClaw Skill Name: quick-note-tool Version: 1.0.0 The skill provides note-taking functionality but contains shell injection vulnerabilities in `scripts/note.sh` due to a lack of input sanitization. Specifically, the `search` and `tag` commands are vulnerable to grep argument injection (e.g., passing flags like '-f' to read other files), and the `delete` command uses unvalidated input in a `sed` range-delete operation, which could be manipulated to delete unintended data. While these appear to be unintentional programming flaws rather than malicious intent, they represent a vulnerability that could be exploited via prompt injection against the AI agent.
能力评估
Purpose & Capability
Name/description (quick note and snippet storage) matches the actual behavior: a bash script that stores, searches, lists, tags, and deletes notes in notes/quick-notes.md under the workspace root. No unrelated credentials, binaries, or system paths are required.
Instruction Scope
SKILL.md instructs the agent to run the included bash script (paths align). It also shows an example PowerShell invocation referencing skills/quick-note-1.0.0/scripts/note.ps1, but no note.ps1 is present in the package — Windows support appears incomplete. The instructions do not ask the agent to read or exfiltrate other files or environment variables beyond the workspace notes file.
Install Mechanism
There is no install spec (instruction-only plus a small script). Nothing is downloaded or written to unexpected system locations; the script only creates a notes/ directory in the workspace and a notes file there.
Credentials
No environment variables, credentials, or config paths are requested. The tool operates on a local workspace file only. Example content in the README shows storing API keys as user content, but that is a user action (not a credential requirement of the skill).
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide agent configuration. It persistently stores notes only in notes/quick-notes.md and creates a backup quick-notes.md.bak when deleting.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install quick-note-tool
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /quick-note-tool 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of quick-note. - Fast note-taking and snippet storage tool. - Supports adding, listing, searching, and tagging notes. - Notes stored as markdown in workspace folder: notes/quick-notes.md. - Usage via both PowerShell (Windows) and Bash (Linux/Mac/WSL) scripts. - Provides commands for adding, listing, searching, tagging, and deleting notes.
元数据
Slug quick-note-tool
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

quick-note-tool 是什么?

Fast note-taking and snippet storage. Use when user says "note:", "remember this", "save snippet", "quick note", or wants to save/read short text snippets. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 643 次。

如何安装 quick-note-tool?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install quick-note-tool」即可一键安装,无需额外配置。

quick-note-tool 是免费的吗?

是的,quick-note-tool 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

quick-note-tool 支持哪些平台?

quick-note-tool 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 quick-note-tool?

由 yushimohuang(@yushimohuang)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论