Skill v0.1.3
ClawScan security
Joplin Api · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
- Verdict: benign (scanned Mar 2, 2026, 8:07 AM)
- Confidence: medium
- Model: gpt-5-mini
- Summary: The package is a coherent, local Joplin Data API wrapper. It requires only a Joplin API token and operates on user-specified local directories. Two points are worth noting before install: minor metadata inconsistencies and a restrictive default workspace path.
- Guidance: The skill appears to do what it says: it is a local Joplin Data API client written in Python and needs a JOPLIN_TOKEN (API token) plus python3 with the requests and python-dotenv packages. Before installing, check: 1) Provide a valid JOPLIN_TOKEN and confirm that your runtime will actually run the pip install step described in SKILL.md (the registry metadata omits the required env vars). 2) Review JOPLIN_IMPORT_DIR and JOPLIN_EXPORT_DIR and point them at a directory you control: the default is /root/.openclaw/workspace, and the code blocks access to /home and other system directories, so on a typical user system the skill cannot read from or write to your home directory until you change them. 3) Confirm you trust the code bundle (it only calls the configured JOPLIN_BASE_URL and does not phone home); if you point JOPLIN_BASE_URL at a remote host, make sure that host is trusted and reachable over https, since the API token accompanies every request. If the skill will run as a non-root user, adjust the default workspace paths accordingly.
Review Dimensions
- Purpose & Capability (ok): The skill's name and description (Joplin API management) match the included files and behavior. The Python scripts call the Joplin Data API (GET/POST/PUT/DELETE) and implement create, read, update, delete, search, import and export operations. The required binary (python3) and Python dependencies (requests, python-dotenv) are appropriate for the stated purpose.
- Instruction Scope (note): Runtime instructions and scripts only interact with the configured Joplin API base URL and with the local filesystem for import/export. Scripts read JOPLIN_BASE_URL and JOPLIN_TOKEN (both declared in SKILL.md) and limit import/export to the workspace directories. No instruction attempts to read unrelated system state or send data to third-party endpoints. Minor inconsistency: the registry's top-level summary lists no required env vars, yet SKILL.md declares JOPLIN_TOKEN and the scripts require it at runtime.
- Install Mechanism (ok): No remote downloads or archive extraction are used. SKILL.md recommends installing the Python packages (requests, python-dotenv) via pip, which is expected for Python scripts; there is no suspicious install URL or arbitrary code fetch. Note that pip itself fetches the two packages from the package index, so pin their versions if your runtime policy requires reproducible installs.
- Credentials (note): The environment variables used (JOPLIN_BASE_URL, JOPLIN_TOKEN, JOPLIN_IMPORT_DIR, JOPLIN_EXPORT_DIR) are proportionate and directly tied to Joplin API usage. However, the registry metadata at the top lists 'Required env vars: none' while SKILL.md marks JOPLIN_TOKEN as required; be aware of that inconsistency. The default allowed workspace is /root/.openclaw/workspace and BLOCKED_DIRS includes /home, which may be unexpectedly restrictive on typical user systems: a non-root user has to set both directories explicitly before the skill can import or export anything.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request system-wide persistence or privileges. It does not modify other skills' configs. Autonomous invocation is allowed by default (platform standard), but the skill does not request elevated platform privileges.
