← 返回 Skills 市场
navyum

shimo-export

作者 Navyum · GitHub ↗ · v1.0.3 · MIT-0
cross-platform ⚠ suspicious
100
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install shimo-export
功能描述
石墨文档导出 AI Skill — 通过 AI Agent 与石墨文档 (shimo.im) API 交互, 实现自动登录、文件列表浏览、团队空间扫描、批量导出(支持 Markdown、PDF、Word、Excel、PPT、XMind、图片等格式)。 当用户提到石墨文档、导出文件、下载文档、批量导出、团队空间、文...
安全使用建议
What to consider before installing: 1) This skill will ask for your shimo session cookie (shimo_sid). That is required for exporting files — this is expected. But the skill's login script will run a local reverse-proxy (http://localhost:18927), open your browser, intercept the Set-Cookie header, and save the cookie to config/env.json in the skill directory. The cookie will therefore be stored on disk (mode 0600). 2) The SKILL.md contains some inconsistent claims: it says business scripts only read process.env.SHIMO_COOKIE, yet preflight-check and browser-login read/write config/env.json and preflight-check has a --raw mode that prints the cookie. Expect the cookie to be accessible on the host filesystem and potentially to stdout if piping is used. 3) The agent is instructed to automatically run browser-login on credential expiry and to suppress printing intermediate commands or cookie values. If you permit autonomous invocation, the agent may open the local proxy and browser without additional confirmation. If you are uncomfortable with that, disable automatic invocation or require manual approval before running auth scripts. 4) Practical recommendations: - Review the browser-login.cjs and preflight-check.cjs sources (they are included) so you understand exactly what will be proxied, saved, and printed. - Prefer setting SHIMO_COOKIE yourself in your environment (export SHIMO_COOKIE='...') or use a disposable account if you want to test first. - If you allow browser-login, run it in a trusted/isolated environment (not on a machine with high-value credentials) and verify config/env.json permissions after login. - Be cautious with preflight-check --raw: it prints the cookie to stdout and could be captured; avoid pasting cookie values into chat or logs. - If you need stricter control, require the agent to prompt for explicit user confirmation before running browser-login or performing writes to disk. Overall: the skill appears to do what it claims, but the combination of automatic local proxy login, on-disk credential storage, and contradictory documentation about credential handling make it suspicious enough to warrant caution and manual review before use.
能力评估
Purpose & Capability
Name/description (Shimo export) aligns with the code and required env var: the scripts call shimo.im APIs and require a shimo_sid cookie (declared SHIMO_COOKIE). Requested credential (SHIMO_COOKIE) is appropriate for this purpose. No unrelated external credentials or odd binaries are requested.
Instruction Scope
SKILL.md instructs the agent to autonomously run local scripts (including browser-login.cjs) and to never surface intermediate commands or cookie values to the user. The docs state 'all business scripts only read from process.env.SHIMO_COOKIE', but the provided preflight and browser-login scripts also read/write a local config/env.json. preflight-check.cjs supports a --raw mode that prints the cookie to stdout for piping. The skill also tells the agent to auto-run the browser-login flow on 401s without explicit user approval. These runtime instructions expand the agent's actions beyond simple API calls and reduce visibility.
Install Mechanism
No install spec (instruction-only install), so nothing is pulled from external package hosts. The skill includes Node.js scripts which will be executed; Node is a required runtime but not declared as a required binary. No remote downloads are performed by an installer. This is lower install risk, but code will be executed on the host.
Credentials
Only SHIMO_COOKIE is declared (good), and that is required for shimo.im API calls. However the scripts persist the cookie to disk at <skill-path>/config/env.json (browser-login.cjs saves shimo_sid and preflight-check reads that file). The SKILL.md claims business scripts only read process.env.SHIMO_COOKIE (contradicted by scripts). Storing sensitive session cookies on disk increases exposure; preflight-check --raw can emit the cookie to stdout which could be captured if not handled carefully.
Persistence & Privilege
The skill does write its own config/env.json and sets file permissions to 0600 (expected for session storage). always is false and the skill does not request system-wide config changes or modify other skills. Still, it launches a local HTTP proxy (listens on port 18927) and auto-opens the browser — behaviour that has privilege/visibility implications and should be consented to by the user.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install shimo-export
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /shimo-export 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
- Security and credential handling updated: credential files are now required to have 0600 permissions, and the config/ directory is added to .gitignore to prevent accidental commits. - Environment variable handling improved: all scripts now require credentials via the SHIMO_COOKIE environment variable only, never from files. - The certification preflight script now supports a --raw mode to output only the cookie value for downstream script use. - The README.md file was removed; a .gitignore file was added for sensitive configuration. - Documentation updated for improved security guidance and clearer step-by-step credential usage for both users and agents.
v1.0.1
shimo-export v1.0.1 - 新增详细 SKILL.md,规范输出行为、脚本用法、认证流程与错误处理方式 - 明确定义三大功能模块:认证(auth)、文件管理(file-management)、导出(export) - 强化安全与凭证管理,仅与官方 API 通信,凭证不会泄露 - 完善多格式批量导出、团队空间扫描及文件名格式化规则 - 优化用户引导,提升自动化处理和操作友好性
元数据
Slug shimo-export
版本 1.0.3
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

shimo-export 是什么?

石墨文档导出 AI Skill — 通过 AI Agent 与石墨文档 (shimo.im) API 交互, 实现自动登录、文件列表浏览、团队空间扫描、批量导出(支持 Markdown、PDF、Word、Excel、PPT、XMind、图片等格式)。 当用户提到石墨文档、导出文件、下载文档、批量导出、团队空间、文... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 100 次。

如何安装 shimo-export?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install shimo-export」即可一键安装,无需额外配置。

shimo-export 是免费的吗?

是的,shimo-export 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

shimo-export 支持哪些平台?

shimo-export 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 shimo-export?

由 Navyum(@navyum)开发并维护,当前版本 v1.0.3。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论