Access and manage a self-hosted Open Notebook research system (NotebookLM alternative). Create notebooks, add sources (text/URL/file), cross-notebook search,...
Security Analysis
High confidence: This skill is mostly coherent, but its provided bridge code does not fully enforce the notebook access controls it promises, which could expose private notes in shared or restricted setups.
The skill's purpose is clear: connect an agent to a self-hosted Open Notebook system for saving, searching, chatting with, and managing research notes. However, private note access plus destructive notebook/source deletion are high-impact capabilities, and the sample bridge leaves cross-notebook list/search paths broader than the documented per-notebook controls.
The SKILL frontmatter says to use it only for explicit saved-content requests, but the README says the agent uses it automatically for broad research or notes prompts. That ambiguity matters because activation can retrieve persisted private notebook data.
Install/setup is disclosed and local: it requires a self-hosted Open Notebook deployment, a local FastAPI bridge on 127.0.0.1:5077, an agent API key, and a user systemd service. No hidden installer or obfuscated package behavior was found.
Loopback-only network access and an API key are proportionate for this integration, but the documented security model depends on per-notebook allowlists that are not consistently applied by the included bridge example.
The bridge is intended to run persistently and logs calls, which is disclosed. The skill also exposes irreversible delete commands without an interactive confirmation step, so users should treat it as a privileged notebook-management tool, not only a search/RAG helper.
Guidance
Install only if you control the Open Notebook deployment and are comfortable giving the agent notebook-management authority. Before using per-notebook restrictions, fix or verify bridge-side enforcement for notebook listing and cross-notebook search, and require explicit user confirmation before delete-source or delete-notebook operations.
Latest Release
v1.3.0
Security audit fixes v2: source ownership enforcement on get-source/delete-source (prevents cross-notebook access), stripped agent count from health endpoint, irreversible operation warnings on delete commands.
Published by @crabsticksalad on ClawHub