Low Risk — Risk Score 15/100
Last scan: 21 hr ago
SiYuan Note
SiYuan Note API client for notebook, document and block management
Legitimate SiYuan Note API client with no malicious behavior detected. Uses only local API calls and standard Python libraries.
Skill Name: SiYuan Note
Duration: 36.2s
Engine: pi
Safe to install
The skill is safe to use. Consider removing the undeclared Bash permission from SKILL.md as no shell execution was found in the codebase.

Findings 1 items

| Severity | Finding | Location |
|---|---|---|
| Low | Undeclared Bash permission not used (Doc Mismatch) | SKILL.md:1 |

SKILL.md declares 'Bash→shell:WRITE' permission but no shell execution was found in the code. The skill uses only Python's urllib for HTTP requests.
requires: { bins: ["python3"] }
→ Remove shell:WRITE from allowed-tools or document if Bash was intended for future use

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | siyuan_client.py:161-180 - Only connects to local SiYuan API at 127.0.0.1:6806 |
| Filesystem | WRITE | WRITE | ✓ Aligned | tools/export.py:91-98, tools/read.py:68-70 - Write operations only for user-requ… |
| Shell | WRITE | NONE | ✓ Aligned | No subprocess, os.system, or shell execution found in entire codebase |

12 findings

| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | http://127.0.0.1:6806 | API.md:74 |
| Medium | External URL | https://b3log.org/siyuan/ | API.md:1469 |
| Medium | External URL | https://b3log.org/siyuan | API.md:1521 |
| Medium | External URL | https://img.shields.io/badge/version-1.0.0-blue | README.md:3 |
| Medium | External URL | https://clawhub.ai | README.md:3 |
| Medium | External URL | https://img.shields.io/badge/python-3.8%2B-green | README.md:4 |
| Medium | External URL | https://python.org | README.md:4 |
| Medium | External URL | https://img.shields.io/badge/license-MIT-yellow | README.md:5 |
| Medium | External URL | https://clawhub.ai/weiwei2027/siyuan | README.md:228 |
| Medium | External URL | https://www.siyuan-note.club/apis | README.md:230 |
| Medium | External URL | https://openclaw.ai | README.md:236 |
| Medium | External URL | https://api.example.com/data | SKILL.md:335 |

File Tree

14 files · 124.2 KB · 4760 lines
Markdown 4f · 2396L Python 9f · 2351L YAML 1f · 13L
├─ 📁 tools
│ ├─ 🐍 create.py Python 82L · 2.4 KB
│ ├─ 🐍 delete.py Python 141L · 4.3 KB
│ ├─ 🐍 export.py Python 223L · 7.2 KB
│ ├─ 🐍 list.py Python 114L · 3.7 KB
│ ├─ 🐍 move.py Python 124L · 4.3 KB
│ ├─ 🐍 read.py Python 104L · 3.0 KB
│ ├─ 🐍 search.py Python 129L · 4.1 KB
│ └─ 🐍 update.py Python 170L · 6.1 KB
├─ 📝 API.md Markdown 1583L · 31.2 KB
├─ 📝 CHANGELOG.md Markdown 45L · 1.3 KB
├─ 📋 config.example.yaml YAML 13L · 479 B
├─ 📝 README.md Markdown 236L · 4.8 KB
├─ 🐍 siyuan_client.py Python 1264L · 39.5 KB
└─ 📝 SKILL.md Markdown 532L · 11.9 KB

Dependencies 1 items

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| pyyaml | not pinned | pip | No | Standard YAML parser, no known vulnerabilities |

Security Positives

✓ Uses only Python standard library (urllib, json, yaml, pathlib) - no external dependencies
✓ All network requests are local-only (127.0.0.1:6806) - SiYuan local API
✓ No credential harvesting or environment variable iteration
✓ No obfuscation techniques (base64, eval, etc.)
✓ No data exfiltration or C2 communication
✓ Clean, well-documented code with comprehensive error handling
✓ API token is user-provided and stored locally in config file
✓ SQL queries are documented and follow expected SiYuan API patterns
✓ No persistence mechanisms (cron, startup scripts) found
✓ All file operations are user-initiated exports