Supernote Cloud

Access a self-hosted Supernote Private Cloud instance to browse files and folders, upload documents (PDF, EPUB) and notes, convert web articles to EPUB/PDF and send them to the device, check storage capacity, and navigate the directory tree. Use when the user mentions Supernote, e-ink device files, wants to upload/browse documents on their Supernote cloud, or wants to send an article/URL to their e-reader.

This skill appears to implement a reasonable Supernote Private Cloud client, but there are two key issues to consider before installing: - Metadata mismatch: The registry entry declares no required environment variables or credentials, but the SKILL.md and scripts require SUPERNOTE_URL, SUPERNOTE_USER, and SUPERNOTE_PASSWORD. Don’t assume the skill is low-privileged — it needs your Supernote credentials and a URL. Only provide those to a trusted self-hosted server. - Token caching and local file access: The CLI caches an auth token in /tmp/.supernote_token (file permission 600) and will read local files you ask it to upload and will fetch arbitrary web URLs to convert into EPUB/PDF. If an attacker or untrusted package controls the configured BASE_URL, your credentials could be sent to that host. Also, the token file in /tmp may be accessible to other local users depending on your system policies. Recommendations: - Verify/inspect the full scripts yourself (you have them). Confirm BASE_URL is a server you control or trust before entering credentials. - Consider creating a dedicated, limited Supernote account for use with this skill rather than using a primary account. - Run the skill in an isolated environment (container or disposable machine) if you’re concerned about token leakage or untrusted network endpoints. - Be cautious when using the article conversion feature: it fetches arbitrary web pages and embedded images (network I/O). If you only need file upload/listing, avoid using article conversion or review the converter's behavior. Confidence: high that the skill is internally inconsistent (metadata vs runtime) and that the scripts will access sensitive credentials and perform network/local-file operations; this warrants a cautious installation approach.

Type: OpenClaw Skill Name: supernote-cloud Version: 1.0.0 The skill is classified as suspicious due to several risky capabilities and security practices, despite its stated purpose. It requires and directly handles sensitive credentials (SUPERNOTE_USER, SUPERNOTE_PASSWORD) via environment variables, storing a JWT token in `/tmp/.supernote_token`. The `scripts/supernote.sh` script exhibits weak input sanitization by directly interpolating these sensitive variables into Python `-c` arguments and `curl -d` JSON payloads, which could lead to JSON injection or script errors if the environment variables contain special characters. Furthermore, the skill provides capabilities to fetch arbitrary URLs (`scripts/article2ebook.py`) and upload arbitrary local files (`scripts/supernote.sh`), which, while core to its functionality, could be misused if the agent is compromised by prompt injection.