Trilium
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent for Trilium note management, but it needs a Trilium ETAPI token and can read or change private notes if the user authorizes it.
This looks safe to install if you intend the agent to work with your Trilium notes. Before use, make sure the ETAPI token is only shared with this environment, understand that note contents may be read into the chat, and explicitly confirm any update or delete operation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill with a valid token can let the agent access the connected Trilium database according to that token's permissions.
The skill needs a delegated Trilium API token to access the user's note database. This is expected for the integration, but it is sensitive account authority.
This skill requires a Trilium ETAPI token and the server URL. These should be stored in the environment or passed by the user.
Use a token intended for this purpose, keep it private, and revoke or rotate it if you no longer want the agent to access Trilium.
Private note contents may be surfaced to the agent and included in responses when the user asks to search or read notes.
The skill is designed to retrieve note contents into the agent conversation/context. Trilium notes may contain private or sensitive information.
"Search my Trilium notes for 'Home Lab'" ... "Show me the content of my Trilium note called 'Todo List'"
Ask narrowly scoped questions, avoid using this with highly sensitive notebooks unless needed, and review what content the agent is about to use or display.
If the agent is asked to use these endpoints, it could modify or delete notes in the connected Trilium database.
The included API reference documents note update and deletion endpoints. This is relevant Trilium ETAPI documentation, but it means the same integration may support higher-impact mutations than the main read/search/create examples.
`PUT /etapi/notes/{noteId}/content`: Update note content. ... `DELETE /etapi/notes/{noteId}`: Delete a note.
Only allow update or delete actions when you explicitly request them, and verify note IDs or titles before making irreversible changes.
