Back to skill
Skillv0.1.3
VirusTotal security
Joplin Api · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:25 AM
- Hash
- 9dec5abfb0dddf0b722bfa7e22d03a3af3824eaf15fd4a089bc1e238abc4204d
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: joplin-api Version: 0.1.3 The OpenClaw AgentSkills bundle for Joplin API is classified as benign. The skill's primary function is to manage Joplin notes via its REST API, which it accomplishes using standard Python libraries like `requests` and `argparse`. Crucially, the `joplin_export.py` and `joplin_import.py` scripts implement robust path sanitization using `pathlib.Path.resolve()`, explicitly defining `ALLOWED_BASE_DIRS` (e.g., `/root/.openclaw/workspace`) and a comprehensive list of `BLOCKED_DIRS` (e.g., `/etc`, `/home`, `/bin`), effectively mitigating path traversal vulnerabilities. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection attempts in any of the files, including the `SKILL.md` instructions.
- External report
- View on VirusTotal