Joplin Api Review
Audited by ClawScan on May 10, 2026.
Overview
This is mostly a normal Joplin note-management skill, but its export code can write notes outside the promised workspace restriction.
Install only if you intend to let the agent manage your Joplin notes. Use a trusted Joplin API URL, protect the Web Clipper token, back up notes before destructive operations, and be especially careful with export paths because the code does not fully enforce the documented workspace-only restriction.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could export private Joplin note contents to local paths outside the expected workspace, potentially overwriting files or leaving sensitive notes in unintended locations.
The file claims export is workspace-restricted, but when the output path is outside the allowed directories it only prints a warning and then proceeds to create directories and write the exported note.
```python
# Security restriction: only allow export into the workspace directory
...
if not is_safe_path(safe_path, ALLOWED_BASE_DIRS):
    # Message reads: "Warning: export path {safe_path} is not inside the working directory".
    # Nothing returns or raises here, so execution continues to the write below.
    print(f"⚠️ 警告:导出路径 {safe_path} 不在工作目录内")
...
with open(safe_path, 'w', encoding='utf-8') as f:
```

Treat export as not fully sandboxed. Use explicit output paths under a trusted workspace directory, set JOPLIN_EXPORT_DIR carefully, and do not allow automatic export-all actions without review.
If invoked incorrectly, the skill can change, move, tag, or permanently delete notes and notebooks.
The skill exposes write and delete operations, including permanent deletion, which is expected for a Joplin management tool but is high-impact.
```
python3 joplin.py update --id <id> --title "New Title" --body "New Content"
...
python3 joplin.py delete --id <id> [--permanent]
```
Back up important notes and require clear user confirmation before update, delete, permanent delete, bulk import, or bulk export operations.
Anyone or any agent action using this token can read or modify Joplin data through the configured Joplin API endpoint.
The skill requires a Joplin Web Clipper API token, which grants access to the user's Joplin API and is necessary for the stated integration.
| Variable | Required | Default | Description |
|---|---|---|---|
| `JOPLIN_TOKEN` | **Yes** | - | API Token from Web Clipper |
Only use a token for a trusted Joplin instance, keep JOPLIN_BASE_URL pointed at a trusted server, and rotate the token if it may have been exposed.
Sensitive note contents may be displayed to the agent, and any instructions written inside notes could be mistaken for user instructions if not treated as data.
The skill retrieves and prints note bodies, which is core to a note-reading tool but means private note content can enter the agent's context.
```python
body = note.get('body', '')
...
print(body)
```

Use the skill only for notes you are comfortable exposing to the agent, and treat retrieved note text as untrusted content rather than as commands.
Future installs could resolve to different package versions than the reviewer saw.
The skill declares pip-installed dependencies without pinned versions. These packages are purpose-aligned, but the exact dependency versions are not locked.
```yaml
kind: pip
package: requests python-dotenv
```

Prefer pinned dependency versions, or install in an isolated environment if reproducibility matters.
