moxunjinmu

Siyuan Note

Author: 莫循 · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 132
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install siyuan-note
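Description
A local API assistant for SiYuan Note (思源笔记). It reads and writes notebooks, documents and blocks, and handles search, templates, SQL queries and other local note operations. Trigger scenarios: the user mentions "思源笔记" (SiYuan Note), "SiYuan", "帮我创建文档" ("help me create a document"), "搜索笔记" ("search notes"), "查询数据库" ("query the database"), and similar.
Security usage recommendations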
This skill appears to be a legitimate SiYuan local-API helper, but consider the following before installing: (1) it expects and will use an API token (SIYUAN_TOKEN) even though the metadata doesn't declare it — treat that token as sensitive and confirm you want the skill/agent to have it; (2) the skill permits running arbitrary SQL against your local notes database (read and write) — review and restrict that capability if you don't want broad access or accidental data modification; (3) inspect the included scripts yourself (scripts/siyuan.py) to confirm behavior meets your expectations; and (4) if you proceed, prefer providing the token only when necessary, or require an explicit credential declaration/approval to reduce accidental token exposure.
Functional analysis
Type: OpenClaw Skill
Name: siyuan-note
Version: 1.0.0
The skill provides a comprehensive interface for interacting with the local SiYuan Note API, including document management and raw SQL queries. It is classified as suspicious due to significant SQL injection vulnerabilities in `scripts/siyuan.py` and `SKILL.md`, where user-supplied input is directly interpolated into SQL strings (e.g., in the `search` and `search_titles` functions). Additionally, the skill exposes high-risk capabilities such as file deletion and a network forward proxy feature documented in `references/api.md`, which could be exploited if the agent is subjected to prompt injection.
Capability assessment
Purpose & Capability
The name/description match the code and documentation: the SKILL.md, reference doc, and scripts all target the local SiYuan Note API (127.0.0.1:6806) and expose notebook/document/block/SQL operations as advertised.
Instruction Scope
Instructions stay within the stated domain (local SiYuan API calls). However the skill explicitly enables arbitrary SQL execution and shows examples of constructing SQL with direct string interpolation, which gives broad read/write access to the note database and can be used to exfiltrate or modify all notes. This is functionally consistent with the stated capability but is powerful and potentially dangerous if misused.
Install Mechanism
No install spec is provided (instruction-only), and included code is a small helper script that depends only on the widely used 'requests' library. There are no external downloads or obscure install steps.
Credentials
The script reads the SIYUAN_TOKEN environment variable and the SKILL.md shows Authorization: Token usage, but the skill metadata declares no required env vars or primary credential. That mismatch (code/instructions accessing a sensitive token while metadata doesn't list it) is an incoherence that could lead users to miss that a secret will be accessed. The token itself is appropriate for this integration, but it should be declared explicitly.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistence, and it does not attempt to modify other skills or system-wide configs. Default autonomous invocation is allowed (platform default) but is not combined with other broad privileges here.
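How to use
  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Enter the install command in the chat box: /install siyuan-note
  3. Once installation completes, call the Skill by name or trigger it with /siyuan-note
  4. Provide the required inputs according to the Skill's parameter description to get structured output.
Version history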
v1.0.0
SiYuan Note API Skill 1.0.0 — initial release:
- Provides local API helper for SiYuan Note, enabling notebook/document/block CRUD, search, templates, and SQL queries.
- Supports common workflows like creating documents, searching notes, appending content, and using templates.
- Includes concise API usage examples with required authentication (Token).
- Lists key SQL query patterns and important usage restrictions.
- All endpoints are for local use; SiYuan Note must be running locally.
Metadata
Slug: siyuan-note
Version: 1.0.0
License: MIT-0
Cumulative installs: 0
Current installs: 0
Historical versions: 1
FAQ

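What is Siyuan Note?

A local API assistant for SiYuan Note (思源笔记). It reads and writes notebooks, documents and blocks, and handles search, templates, SQL queries and other local note operations. Trigger scenarios: the user mentions "思源笔记" (SiYuan Note), "SiYuan", "帮我创建文档" ("help me create a document"), "搜索笔记" ("search notes"), "查询数据库" ("query the database"), and similar. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 132 total downloads so far.

How do I install Siyuan Note?

Run the command "/install siyuan-note" in the OpenClaw or Claude Code chat box for a one-step install; no extra configuration is needed.

Is Siyuan Note free?

Yes, Siyuan Note is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does Siyuan Note support?

Siyuan Note is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Siyuan Note?

Developed and maintained by 莫循 (@moxunjinmu); the current version is v1.0.0.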
