ClawHub

Joplin Api

v0.1.3

Manage Joplin notes via REST API. Use for creating, reading, updating, deleting, or searching Joplin notes programmatically.

3· 602·1 current·1 all-time
byKGTAF@killgfat
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's name and description (Joplin API management) match the included files and behavior: Python scripts call the Joplin Data API (GET/POST/PUT/DELETE) and implement create/read/update/delete/search/import/export operations. Required binary (python3) and Python dependencies (requests, python-dotenv) are appropriate for the stated purpose.
Instruction Scope
Runtime instructions and scripts only interact with the configured Joplin API base URL and local filesystem for import/export. Scripts read JOPLIN_BASE_URL and JOPLIN_TOKEN (declared in SKILL.md) and limit import/export to workspace dirs. No instructions attempt to read unrelated system state or send data to third-party endpoints. Minor oddity: SKILL.md metadata says to install pip deps, but the skill registry's top-level summary listed no required env vars — the scripts do require JOPLIN_TOKEN at runtime.
Install Mechanism
No remote downloads or archive extraction are used. The SKILL.md recommends installing Python packages via pip (requests, python-dotenv) which is expected for Python scripts. There is no suspicious install URL or arbitrary code fetch.
Credentials
Environment variables used (JOPLIN_BASE_URL, JOPLIN_TOKEN, JOPLIN_IMPORT_DIR, JOPLIN_EXPORT_DIR) are proportionate and directly tied to Joplin API usage. However, registry metadata at the top listed 'Required env vars: none' while SKILL.md marks JOPLIN_TOKEN as required — that's an inconsistency to be aware of. The default allowed workspace is /root/.openclaw/workspace and BLOCKED_DIRS includes /home, which may be unexpectedly restrictive on typical user systems.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence or privileges. It doesn't modify other skills' configs. Autonomous invocation is allowed by default (platform standard) but the skill doesn't request elevated platform privileges.
Assessment
This skill appears to do what it says: it is a local Joplin Data API client implemented in Python and requires a JOPLIN_TOKEN (API token) and python3 with requests and python-dotenv. Before installing, check: 1) Provide a valid JOPLIN_TOKEN and confirm whether your runtime environment will supply the SKILL.md pip install step (the registry metadata omitted required env info). 2) Review and, if needed, change JOPLIN_IMPORT_DIR/JOPLIN_EXPORT_DIR to a directory you control — the default is /root/.openclaw/workspace and the code blocks access to /home and other system dirs which may prevent using your normal home directory. 3) Confirm you trust the code bundle (it calls only your configured Joplin server URL and does not phone home); if you plan to point JOPLIN_BASE_URL at a remote host, ensure the host is trusted. Finally, if you need the skill to run on a non-root environment, adjust the default workspace paths accordingly.

Like a lobster shell, security has layers — review code before you run it.

apivk971j9z8840npcbbmngjms48c5824e1yjoplinvk971j9z8840npcbbmngjms48c5824e1ylatestvk971j9z8840npcbbmngjms48c5824e1ynotesvk971j9z8840npcbbmngjms48c5824e1yproductivityvk971j9z8840npcbbmngjms48c5824e1yrestvk971j9z8840npcbbmngjms48c5824e1y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
Environment variables
JOPLIN_BASE_URLoptionalJoplin Data API base URL
JOPLIN_TOKENrequiredAPI Token from Joplin Web Clipper settings
JOPLIN_IMPORT_DIRoptionalAllowed directory for import operations
JOPLIN_EXPORT_DIRoptionalAllowed directory for export operations

Comments