← 返回 Skills 市场
147
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install siyuan-export
功能描述
思源笔记文档导出工具。将思源笔记文档导出为 Word(docx) 格式,支持按文档 ID/路径/名称搜索导出,图片自动打包进文档。支持单个文档导出和批量导出子文档。触发词:导出文档、导出 Word、siyuan export、思源导出、批量导出、导出子文档
安全使用建议
This skill largely does what it promises (export SiYuan notes to .docx) and uses only Python stdlib, but take these precautions before using it: 1) The skill needs your SiYuan API token (SIYUAN_TOKEN) even though the registry metadata doesn't list it — treat that as required and keep the token secret. 2) Prefer keeping SIYUAN_BASE_URL as the default localhost (http://127.0.0.1:6806); do not point it to an unknown remote server (that would let that remote host receive requests authenticated with your token). 3) Review the script yourself or run it in a controlled environment — the script builds SQL queries via string interpolation from user input (search keywords, IDs), which can cause unexpected queries; avoid running it with untrusted or automated inputs unless you sanitize them. 4) Store token via environment variables rather than a plaintext config.json in shared locations. 5) If you need higher assurance, request that the publisher correct the registry metadata to declare required env vars and provide a verified homepage/source, or run the script locally after manual code review.
功能分析
Type: OpenClaw Skill
Name: siyuan-export
Version: 1.0.2
The script `scripts/siyuan_export.py` contains multiple SQL injection vulnerabilities where user-provided inputs (search keywords, document IDs, and paths) are directly interpolated into SQL query strings sent to the local Siyuan Note API. While the tool's functionality aligns with its stated purpose of exporting notes to Word format, these security flaws allow for potential manipulation of the local database. No evidence of intentional malice, such as data exfiltration to external domains or remote code execution, was detected.
能力评估
Purpose & Capability
Name/description match the code and instructions: the script calls SiYuan export and query APIs and writes .docx output. However the registry metadata claims 'required env vars: none' and 'primary credential: none' while both the SKILL.md and the script require an API token (SIYUAN_TOKEN) and may read SIYUAN_BASE_URL / SIYUAN_TIMEOUT. This metadata omission is an inconsistency.
Instruction Scope
SKILL.md stays within the stated purpose (configure token/base URL, call local SiYuan APIs, write docx). The script only reads config.json in the skill directory and environment variables, queries the SiYuan API, and writes export files. A noteworthy point: SQL statements are built by string interpolation with user-supplied values (search keywords, doc IDs), which can allow unexpected/malicious queries against the SiYuan API if untrusted input is provided.
Install Mechanism
No install spec — instruction-only with a Python script relying only on the standard library. Nothing is downloaded or extracted at install time, which lowers installation risk.
Credentials
The skill requires a SiYuan API token and optionally a base URL and timeout (SIYUAN_TOKEN, SIYUAN_BASE_URL, SIYUAN_TIMEOUT), but the registry metadata does not declare these. Requesting an API token is expected for this functionality, but the missing declaration is a transparency issue. Also be aware that if you set SIYUAN_BASE_URL to a remote host (instead of the default localhost), the script will talk to that host using your token — so never point it to an untrusted remote server.
Persistence & Privilege
always:false and the skill does not request persistent platform-level privileges. It does not modify other skills' configuration or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install siyuan-export - 安装完成后,直接呼叫该 Skill 的名称或使用
/siyuan-export触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
- Added config.example.json as a configuration template (including timeout field).
- Added .gitignore file.
- Removed config.json; users are now encouraged to copy and rename config.example.json or use environment variables for configuration.
- Updated documentation to clarify multiple configuration methods and improve usage instructions.
v1.0.1
siyuan-export 1.3.0 introduces new features and usage improvements:
- 新增按文档名称关键字搜索导出功能(`--search` / `-s` 参数)
- 使用方法与参数说明部分加入“搜索导出”用法,并简化参数说明
- 技能描述更新,明确支持按文档 ID/路径/名称搜索导出
- 其他描述文本优化,更突出各项核心特性
v1.0.0
- Initial release of siyuan-export: A tool to export SiYuan documents to Word (.docx) format.
- Supports export by document ID or path; images are embedded into the docx file automatically.
- Offers both single document export and batch export of sub-documents (including nested).
- Provides structured JSON output for easier integration with other tools.
- Requires a running SiYuan instance and user configuration of baseURL and token.
- Pure Python implementation with no external dependencies.
元数据
常见问题
siyuan-export 是什么?
思源笔记文档导出工具。将思源笔记文档导出为 Word(docx) 格式,支持按文档 ID/路径/名称搜索导出,图片自动打包进文档。支持单个文档导出和批量导出子文档。触发词:导出文档、导出 Word、siyuan export、思源导出、批量导出、导出子文档. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 147 次。
如何安装 siyuan-export?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install siyuan-export」即可一键安装,无需额外配置。
siyuan-export 是免费的吗?
是的,siyuan-export 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
siyuan-export 支持哪些平台?
siyuan-export 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 siyuan-export?
由 chim(@chimyves)开发并维护,当前版本 v1.0.2。
推荐 Skills