flomo-via-app

Facilitates quick note-taking and idea capture to flomo via URL Scheme and webhook fallback, enhancing productivity on macOS.

Install this skill

or

0/100

Security score

The flomo-via-app skill was audited on Feb 9, 2026 and we found 32 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 3

Webhook reference - potential data exfiltration

SourceSKILL.md

3	description: "Send notes and memos to flomo (浮墨笔记) via URL Scheme with automatic webhook fallback. Use when user wants to save thoughts, links, ideas, or content to their flomo inbox. Automatically fa

medium line 8

Webhook reference - potential data exfiltration

SourceSKILL.md

8	Send notes to flomo using URL Scheme, with automatic webhook fallback for reliability.

medium line 22

Webhook reference - potential data exfiltration

SourceSKILL.md

22	2. Webhook token/URL

medium line 44

Webhook reference - potential data exfiltration

SourceSKILL.md

44	2. Fallback: Webhook API → HTTP POST to flomo servers (works without app)

medium line 46

Webhook reference - potential data exfiltration

SourceSKILL.md

46	If the flomo app is not installed or `open` command fails, it automatically falls back to webhook.

medium line 66

Webhook reference - potential data exfiltration

SourceSKILL.md

66	### Webhook Configuration (Optional)

medium line 68

Webhook reference - potential data exfiltration

SourceSKILL.md

68	If you ran `./scripts/configure.sh` during setup, webhook is already configured.

low line 73

Webhook reference - potential data exfiltration

SourceSKILL.md

73	# Option 1: Full webhook URL

low line 74

Webhook reference - potential data exfiltration

SourceSKILL.md

74	export FLOMO_WEBHOOK_URL="https://flomoapp.com/iwh/xxxxxxxxxxxxxxxx"

low line 77

Webhook reference - potential data exfiltration

SourceSKILL.md

77	export FLOMO_WEBHOOK_TOKEN="xxxxxxxxxxxxxxxx"

medium line 161

Webhook reference - potential data exfiltration

SourceSKILL.md

161	Remote/SSH session (uses webhook):

low line 163

Webhook reference - potential data exfiltration

SourceSKILL.md

163	export FLOMO_WEBHOOK_TOKEN="your-token"

medium line 169

Webhook reference - potential data exfiltration

SourceSKILL.md

169	⚠️ API 和 URL Scheme 功能需要 [flomo PRO 会员](https://flomoapp.com/mine?source=incoming_webhook) 才能使用。

medium line 176

Webhook reference - potential data exfiltration

SourceSKILL.md

176	### Webhook Fallback

medium line 178

Webhook reference - potential data exfiltration

SourceSKILL.md

178	- `FLOMO_WEBHOOK_URL` or `FLOMO_WEBHOOK_TOKEN` environment variable set

medium line 183

Webhook reference - potential data exfiltration

SourceSKILL.md

183	- Images: Maximum 9 images per note (URL Scheme only; webhook does not support images)

medium line 191

Webhook reference - potential data exfiltration

SourceSKILL.md

191	\| `FLOMO_WEBHOOK_URL` \| Full webhook URL \| `https://flomoapp.com/iwh/abc123` \|

medium line 192

Webhook reference - potential data exfiltration

SourceSKILL.md

192	\| `FLOMO_WEBHOOK_TOKEN` \| Webhook token only \| `abc123` \|

low line 199

Webhook reference - potential data exfiltration

SourceSKILL.md

199	export FLOMO_WEBHOOK_TOKEN="your-webhook-token-here"

medium line 204

Webhook reference - potential data exfiltration

SourceSKILL.md

204	"Error: Webhook not configured"

medium line 205

Webhook reference - potential data exfiltration

SourceSKILL.md

205	→ Set `FLOMO_WEBHOOK_URL` or `FLOMO_WEBHOOK_TOKEN` environment variable

medium line 208

Webhook reference - potential data exfiltration

SourceSKILL.md

208	→ Normal if app not installed; check if webhook fallback succeeded

medium line 215

Webhook reference - potential data exfiltration

SourceSKILL.md

215	For detailed webhook API documentation, see [references/api.md](references/api.md).

medium line 196

Access to hidden dotfiles in home directory

SourceSKILL.md

196	Add to your `~/.bashrc`, `~/.zshrc`, or `~/.bash_profile`:

medium line 23

Access to .env file

SourceSKILL.md

23	3. 保存位置（默认保存到 skill 目录的 `.env` 文件）

medium line 25

Access to .env file

SourceSKILL.md

25	配置默认保存到 `.env` 文件，这样更便于管理和隔离。

low line 74

External URL reference

SourceSKILL.md

74	export FLOMO_WEBHOOK_URL="https://flomoapp.com/iwh/xxxxxxxxxxxxxxxx"

low line 109

External URL reference

SourceSKILL.md

109	open "flomo://create?image_urls=%5B%22https://example.com/img1.jpg%22%5D&content=Photo%20notes"

low line 137

External URL reference

SourceSKILL.md

137	open "flomo://create?image_urls=%5B%22https://example.com/img.jpg%22%5D&content=Photo%20notes"

low line 148

External URL reference

SourceSKILL.md

148	./scripts/flomo_send.sh "https://example.com/article" "#readlater #tech"

low line 169

External URL reference

SourceSKILL.md

169	⚠️ API 和 URL Scheme 功能需要 [flomo PRO 会员](https://flomoapp.com/mine?source=incoming_webhook) 才能使用。

low line 191

External URL reference

SourceSKILL.md

191	\| `FLOMO_WEBHOOK_URL` \| Full webhook URL \| `https://flomoapp.com/iwh/abc123` \|

Scanned on Feb 9, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categorymarketing

UpdatedApril 4, 2026

openclaw api content-marketer social-media-manager influencer-marketer growth-marketer customer-success-manager marketing sales

openclaw/skills