Zsxq
v0.1.0Note知识星球笔记管理:创建个人文字笔记、查看笔记列表。用于在知识星球记录个人笔记、随手记录想法或查看历史笔记。
0· 19·0 当前·0 累计
by 下载技能包
最后更新
2026/4/19
安全扫描
OpenClaw
可疑
medium confidence该技能的声明目的(创建/列出个人笔记)看似合理,但其运行时指令需读取外部共享的 SKILL.md 进行认证,并列出 CLI 二进制文件,却未声明对应的环境/凭据需求——这些不匹配及跨文件读取令人担忧。
评估建议
This skill looks like a thin wrapper around an external CLI (zsxq-cli) and insists the agent read a separate shared SKILL.md for authentication — that shared file is not included here. Before installing, ask the publisher to provide the referenced ../zsxq-shared/SKILL.md so you can inspect how authentication is handled and what credentials are required. Verify where zsxq-cli stores or expects credentials (environment variables, config files like ~/.config or ~/.zsxq, or an external token) and co...详细分析 ▾
ℹ 用途与能力
The skill's name, description, and commands all align with a simple note-create/list tool that delegates to a zsxq-cli binary. However the SKILL.md declares a required binary (zsxq-cli) while the registry metadata earlier showed no required binaries — an inconsistency. The dependency on a shared ../zsxq-shared/SKILL.md (not included) is effectively a hidden dependency.
⚠ 指令范围
The SKILL.md contains a CRITICAL instruction to 'MUST' read ../zsxq-shared/SKILL.md for authentication and error-handling rules. That referenced file is not bundled here; instructing the agent to read a sibling/shared SKILL.md at runtime can expose authentication rules or other sensitive instructions and gives the agent permission to access files outside this skill's bundle. The CLI commands perform write operations (create notes), which is expected, but the authentication mechanism and any steps in the external shared file are unknown and not declared.
✓ 安装机制
This is an instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself. That is low-risk from an installer standpoint.
⚠ 凭证需求
No environment variables or credentials are declared, yet the skill requires authentication (per the referenced shared SKILL.md) and depends on an external CLI. The lack of declared env vars or primary credential is disproportionate to the expected need to authenticate the zsxq-cli. It's unclear where credentials come from (env vars, config files, or agent secrets), which is a risk.
✓ 持久化与权限
The skill does not request persistent presence (always:false) and does not include install steps that modify agent configuration. Autonomous invocation is allowed (default) but not combined with any other elevated privileges.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.02026/4/19
- zsxq-note 初始发布:面向知识星球的个人纯文本笔记管理工具。 - 支持创建个人纯文本笔记并查看笔记列表。 - 提供快捷指令:+create 快速新建、+list 快速列出。 - 需配合 zsxq-cli,共享认证与错误处理。 - 仅支持纯文本,不支持图片上传与主题管理。
● 无害
安装命令
点击复制官方npx clawhub@latest install zsxq-note
镜像加速npx clawhub@latest install zsxq-note --registry https://cn.longxiaskill.com 镜像可用
技能文档
# note (v1) CRITICAL — 开始前 MUST 先用 Read 工具读取 ../zsxq-shared/SKILL.md,其中包含认证、错误处理规则。 ## 核心概念 - 笔记(Note):个人私密(或特定权限)的文字记录,仅支持纯文本,不支持图片。与主题(Topic)不同,笔记是个人维度的内容。 ## 快捷方式(推荐优先使用) | 快捷方式 | 说明 | |----------|------| | +create | 创建一条个人文字笔记,仅支持纯文本 | | +list | 查看自己的笔记列表,支持分页 |