Trilium
v1.0.3
Manage Trilium Notes by reading, searching, and creating notes via the ETAPI with provided server URL and ETAPI token.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill is clearly for interacting with Trilium Notes via its ETAPI (reading, searching, creating notes). That capability aligns with the name and included reference doc. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md explicitly requires TRILIUM_ETAPI_TOKEN and TRILIUM_SERVER_URL — a discrepancy between claimed metadata and actual instructions.
Instruction Scope
The runtime instructions are narrowly scoped to calling the Trilium ETAPI (authenticate with a token, use the server URL, perform GET/POST/PUT/DELETE/search). The SKILL.md does not instruct reading arbitrary local files, scanning other credentials, or sending data to unrelated endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk or fetched at install time via an external URL.
Credentials
The SKILL.md rightly requires TRILIUM_ETAPI_TOKEN and TRILIUM_SERVER_URL (both are appropriate for Trilium access), but the registry metadata declares no required env vars or primary credential. That mismatch is concerning because the platform metadata will not surface or enforce the secret requirement and the token grants full API access to the user's notes.
Persistence & Privilege
The skill does not request always:true, does not claim to modify other skills or system settings, and is not asking for persistent installation privileges. Autonomous invocation is enabled by default (normal), so any provided token could be used by the agent when the skill runs.
What to consider before installing
This skill legitimately needs two pieces of information to work: TRILIUM_ETAPI_TOKEN (an ETAPI token you generate in Trilium) and TRILIUM_SERVER_URL (the Trilium server address). Before installing: (1) be aware the registry metadata does not list these required env vars or a primary credential — you must provide them manually. (2) The ETAPI token grants API-level access to all notes reachable by that token; only provide it if you trust the skill and the agent's ability to run it. Prefer generating a scoped or ephemeral token if Trilium supports it, and run the Trilium server on a local or private network if you want to keep data internal. (3) Because the skill can be invoked autonomously, any stored token could be used without an extra prompt — consider limiting network access or using a token that has limited permissions. (4) If you need more assurance, request the publisher add the required env vars to the registry metadata and/or include an explicit statement of exactly which ETAPI endpoints the skill will call and when.
Like a lobster shell, security has layers — review code before you run it.
latest
Trilium Notes
Work with Trilium Notes via the ETAPI.
Configuration
This skill requires a Trilium ETAPI token and the server URL. These should be stored in the environment or passed by the user.
- TRILIUM_ETAPI_TOKEN: Your ETAPI token (generated in Trilium -> Options -> ETAPI).
- TRILIUM_SERVER_URL: The URL of your Trilium server (e.g., http://localhost:8080).
Core Concepts
- Note ID: A unique identifier for a note (e.g., root, _day_2026-02-11).
- Attributes: Metadata attached to notes (labels, relations).
- ETAPI: The External Trilium API, a REST API for interacting with the database.
Example Prompts
Search for information
- "Search my Trilium notes for 'Home Lab'"
- "Find any notes in Trilium about 'Docker configuration'"
- "What did I write in Trilium about 'Project X'?"
Create new content
- "Create a new note in Trilium called 'Meeting Notes' under the root folder"
- "Add a note to Trilium with title 'Ideas' and content 'Buy more coffee'"
- "Create a text note in Trilium under my 'Projects' folder"
Read and retrieve
- "Show me the content of my Trilium note called 'Todo List'"
- "Get the details for the Trilium note with ID 'U5cC2X3KKPdC'"
Reference Documentation
For detailed API information, see references/api.md.
