Scan Report
5/100
Get笔记
Save, search, and manage personal notes and knowledge bases via Get笔记 API
This is a legitimate note-taking skill that provides save, search, and knowledge base management capabilities through a documented REST API. No malicious behavior, hidden functionality, or credential harvesting detected.
Safe to install
This skill is safe to use. No blocking concerns identified.
Findings: 1 item
| Severity | Finding | Location |
|---|---|---|
| Low | Unpinned requests dependency | scripts/upload_image.py:15 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | All API calls to openapi.biji.com are documented and necessary for note-taking f… |
| Filesystem | READ | READ | ✓ Aligned | Read tool used only for loading reference documentation files; upload_image.py r… |
| Environment | READ | READ | ✓ Aligned | Only accesses GETNOTE_API_KEY, GETNOTE_CLIENT_ID, GETNOTE_OWNER_ID as documented |
| Shell | NONE | NONE | — | No shell execution observed |
37 findings
| Severity | Type | Value | Location |
|---|---|---|---|
| Medium | External URL | https://img.shields.io/badge/License-MIT--0-blue.svg | README.md:3 |
| Medium | External URL | https://opensource.org/licenses/MIT-0 | README.md:3 |
| Medium | External URL | https://www.biji.com/openapi | README.md:132 |
| Medium | External URL | https://www.biji.com/checkout?product_alias=6AydVpYeKl | README.md:153 |
| Medium | External URL | https://biji.com | README.md:188 |
| Medium | External URL | https://clawhub.ai/iswalle/getnote | README.md:190 |
| Medium | External URL | https://clawhub.ai | README.md:197 |
| Medium | External URL | https://openapi.biji.com | SKILL.md:11 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/image/upload_token?mime_type=jpg&count=1 | references/api-details.md:222 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/note/save | references/api-details.md:237 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/knowledge/list?page=1 | references/knowledge.md:12 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/knowledge/subscribe/list?page=1 | references/knowledge.md:47 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/knowledge/create | references/knowledge.md:66 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/knowledge/notes?topic_id=abc123&page=1 | references/knowledge.md:86 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/knowledge/note/batch-add | references/knowledge.md:115 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/knowledge/note/remove | references/knowledge.md:134 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/knowledge/bloggers?topic_id= | references/knowledge.md:177 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/knowledge/blogger/contents?topic_id= | references/knowledge.md:207 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/knowledge/blogger/content/detail?topic_id= | references/knowledge.md:226 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/knowledge/lives?topic_id= | references/knowledge.md:247 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/knowledge/live/detail?topic_id= | references/knowledge.md:268 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/note/list?since_id=0 | references/list.md:12 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/note/detail?id= | references/list.md:44 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/note/update | references/list.md:86 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/note/delete | references/list.md:115 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/oauth/device/code | references/oauth.md:46 |
| Medium | External URL | https://biji.com/openapi/oauth/authorize?code=abc123... | references/oauth.md:65 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/oauth/token | references/oauth.md:102 |
| Medium | External URL | https://www.biji.com/openapi?tab=keys | references/oauth.md:195 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/note/task/progress | references/save.md:41 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/recall | references/search.md:16 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/recall/knowledge | references/search.md:58 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/note/tags/add | references/tags.md:12 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/note/tags/delete | references/tags.md:42 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource | scripts/upload_image.py:31 |
| Medium | External URL | https://openapi.biji.com/open/api/v1/resource/note/save?task_id=... | scripts/upload_image.py:177 |
| Info | Email | [email protected] | package.json:6 |

File Tree
12 files · 50.7 KB · 1830 lines
Markdown 9f · 1499L
Python 2f · 290L
JSON 1f · 41L
├─ references
│  ├─ api-details.md (Markdown)
│  ├─ knowledge.md (Markdown)
│  ├─ list.md (Markdown)
│  ├─ oauth.md (Markdown)
│  ├─ save.md (Markdown)
│  ├─ search.md (Markdown)
│  └─ tags.md (Markdown)
├─ scripts
│  ├─ oauth_poll.py (Python)
│  └─ upload_image.py (Python)
├─ package.json (JSON)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Dependencies: 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| requests | * | pip | No | Version not pinned; upload_image.py only |
Security Positives
✓ All API endpoints are clearly documented and use a known legitimate service (openapi.biji.com)
✓ No credential exfiltration observed - credentials are only used for API authentication
✓ No base64-encoded commands or obfuscated code patterns
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or system configuration
✓ OAuth flow uses standard device code grant with proper security practices
✓ All functionality is declared in SKILL.md - no hidden capabilities
✓ Configuration writing (to ~/.openclaw/openclaw.json) is documented and necessary for the feature
✓ No remote code execution patterns (curl|bash, wget|sh)
✓ Clean codebase with no suspicious system reconnaissance