brandons7

ScanWow Sync

Author: Brandon Stewart · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 621
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install scanwow-sync
Description
Sync your OpenClaw agent with the ScanWow iOS app. Receive high-quality OCR scans from your phone directly into your agent's workspace via a secure webhook.
Security usage advice
This skill appears to do what it says (receive OCR text via webhook and save it locally), but there are a few things to double-check before you install or run it:
- Metadata mismatch: SKILL.md expects SCANWOW_TOKEN and SCANWOW_DIR environment variables, but the registry lists none. Make sure to set SCANWOW_TOKEN to a strong secret and configure SCANWOW_DIR to a safe directory before running.
- Keep the server bound to 127.0.0.1 and use a trusted TLS tunnel (cloudflared/ngrok/Tailscale) rather than exposing plain HTTP. Verify the tunnel provider and URL you configure in the iOS app.
- Protect the token: treat SCANWOW_TOKEN like any API secret (store in your secrets manager / environment, rotate if leaked). The app stores the token in iOS secure storage, but your webhook must verify it reliably.
- Limit file write location: set SCANWOW_DIR to a dedicated, non-sensitive folder (not your home, not a system path). Review the code's filename sanitization (it's basic), so avoid exposing the server to untrusted networks.
- Validate payloads: consider adding stronger JSON schema validation, logging, and rate-limiting. The example allows up to 5MB and writes text directly to disk; you may want additional checks (e.g., reject unexpectedly large text fields or suspicious characters).
- Operational risk of tunnels: using public tunnels expands the attack surface. Ensure you understand the tunnel provider's security model and do not reuse tokens across services.

If you want to proceed, request the owner to update the registry metadata to declare SCANWOW_TOKEN (and optionally SCANWOW_DIR) so your secrets management and policy tooling can track the requirement. If you need higher assurance, ask for a signed or versioned implementation and the exact expected webhook URL and token handling details.
Functional analysis
Type: OpenClaw Skill
Name: scanwow-sync
Version: 1.1.0
The skill provides a utility to sync OCR text from the ScanWow iOS app to a local workspace via a webhook. The included Python script (save_scans.py) uses standard libraries, implements Bearer token authentication, binds to localhost for safety, and includes basic path traversal sanitization for saved files.
Capability assessment
Purpose & Capability
The name/description (receive OCR scans via webhook) align with the provided instructions: a small HTTP webhook that authenticates with a bearer token and writes received text to files. No unrelated credentials, binaries, or installs are requested. The main mismatch is that the runtime instructions expect environment variables (SCANWOW_TOKEN, SCANWOW_DIR) although the registry lists no required env vars.
Instruction Scope
SKILL.md instructs the agent/operator to run a local Python webhook that binds to 127.0.0.1 and writes incoming JSON.text into files. That is within the stated purpose, but the instructions also read environment variables (SCANWOW_TOKEN, SCANWOW_DIR) that are not declared in the skill metadata. The instructions also recommend exposing the local server via third-party tunnels (ngrok, cloudflared), which increases operational risk if misconfigured. The webhook writes files to disk (default '.'), so the operator must ensure scans don't get stored in sensitive directories.
Install Mechanism
There is no install spec and no code files beyond the SKILL.md snippet (instruction-only). This is the lowest-risk install model: nothing would be automatically downloaded or written by an installer.
Credentials
The skill behavior requires a secret token for authentication (SCANWOW_TOKEN) and optionally a path (SCANWOW_DIR), but the registry lists no required environment variables or primary credential. Requesting a single bearer token is proportional to the task, but the metadata omission is an incoherence that could confuse users and automated controls (e.g., secrets managers won't know to provide SCANWOW_TOKEN).
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent system privileges. It does not modify other skill configurations. The agent can invoke it autonomously (platform default), which is expected for a user-invocable webhook handler.
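How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install scanwow-sync
  3. Once installation completes, invoke the Skill by name or trigger it with /scanwow-sync
  4. Provide the required input according to the Skill's parameter documentation to get structured output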
Version history
v1.1.0
Security hardening: HTTPS required, path traversal protection, payload size limits, localhost-only binding, strong token guidance. Updated docs with Cloudflare Tunnel/ngrok/Tailscale Funnel setup. Added App Store link.
v1.0.0
Initial release of scanwow-sync.
- Enables syncing OCR scans from the ScanWow iOS app directly to your OpenClaw agent workspace.
- Provides setup instructions for starting a secure HTTP webhook server.
- Supports secure API export using a token for authentication.
- Details the JSON payload structure sent from ScanWow for seamless document transfer.
- Designed for easy integration via your iPhone's camera and the ScanWow app.
Metadata
Slug: scanwow-sync
Version: 1.1.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 2
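FAQ

What is ScanWow Sync?

Sync your OpenClaw agent with the ScanWow iOS app. Receive high-quality OCR scans from your phone directly into your agent's workspace via a secure webhook. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 621 total downloads to date.

How do I install ScanWow Sync?

Run the command "/install scanwow-sync" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is ScanWow Sync free?

Yes, ScanWow Sync is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does ScanWow Sync support?

ScanWow Sync is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed ScanWow Sync?

It is developed and maintained by Brandon Stewart (@brandons7); the current version is v1.1.0.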
