yinxiang-notes

印象笔记（中国版）集成 skill。使用 Developer Token 在印象笔记中创建、整理和搜索笔记。支持笔记本列表、创建笔记、更新笔记内容/标签、移动笔记到废纸篓、查看/清空废纸篓、搜索内容、增量同步到 Obsidian vault。适用于使用 app.yinxiang.com 的用户。

What to consider before installing: - Credential handling: this skill requires an Evernote developer token (EVERNOTE_TOKEN) and a NoteStore URL (EVERNOTE_NOTESTORE_URL) provided via a .env file — but the registry metadata does not declare them. Treat that as a red flag: confirm you have only the minimal token you trust and that the .env file doesn't contain other secrets. - Log leakage: several scripts print token fragments (and list_tags.py prints the token variable). These outputs can appear in logs or consoles and may leak credentials — remove or redact those prints before use. - Hard-coded behaviors: sync_to_obsidian.py writes to a hard-coded VAULT_PATH (C:\Users\adun\Documents\印象笔记同步) and get_note_enml.py contains a hard-coded TARGET_GUID and writes its content to scripts/note_enml_output.xml. Update these defaults to safe, user-controlled values or run the scripts in a sandbox until you confirm the paths are appropriate. - File I/O & data exposure: the sync will write notes and attachments to your local filesystem; if you run it in a directory containing other sensitive files, it may read/write state nearby (.env lookup traverses up). Place the skill in an isolated workspace or ensure .env contains only Evernote credentials for this skill. - Autonomous invocation: the skill can be invoked by the agent (normal default). If you are concerned about automated access to your Evernote data, disable autonomous invocation or require manual confirmation before running scripts. - Recommended actions before use: (1) inspect and remove the get_note_enml.py hard-coded GUID or only run it after review; (2) change/remove token-printing lines; (3) set VAULT_PATH to a directory you control; (4) supply a scoped developer token (least privilege) and not a broad production token; (5) run first in a disposable environment to verify behavior. If you want, I can: (a) list the exact lines that print token or reference the hard-coded GUID/path to help you patch them, or (b) produce a safe checklist/patch set to sanitize the scripts prior to use.

Type: OpenClaw Skill Name: yinxiang-notes Version: 1.0.0 The skill bundle provides a comprehensive integration for Yinxiang (Evernote China), allowing for note management, searching, and incremental synchronization to a local Obsidian vault. While the code contains some author-specific hardcoded elements—such as a local file path in `sync_to_obsidian.py` (`C:\Users\adun\...`) and a specific note GUID in a debug script (`get_note_enml.py`)—these appear to be remnants of personal development rather than malicious artifacts. The scripts use the official Evernote SDK, implement basic filename sanitization, and the destructive 'empty trash' functionality is clearly documented and requires manual confirmation.