SilverBullet API
PassAudited by ClawScan on May 10, 2026.
Overview
The skill appears to match its stated purpose of managing SilverBullet notes, but it gives the agent read, write, append, and delete access to your note space.
This looks like a straightforward SilverBullet MCP integration. Before installing, make sure the configured SILVERBULLET_URL points to the intended server, avoid letting untrusted text choose a base_url, and confirm any write, append, or delete action because those changes affect your real notes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses these tools incorrectly, it could overwrite or delete notes in the connected SilverBullet space.
The skill clearly discloses tools that can modify and delete SilverBullet pages. This is purpose-aligned, but it is still meaningful authority over user data.
| `write_page` | Create or update a page | ... | `delete_page` | Delete a page |
Use the skill only with a SilverBullet space you trust, and require explicit confirmation before write, append, or delete actions.
A mistaken or untrusted base URL could make the agent interact with the wrong SilverBullet server or another reachable HTTP service.
Allowing the agent to override the target server is useful for remote SilverBullet instances, but it broadens where the MCP server can send read/write/delete requests.
All tools accept an optional `base_url` parameter to override the default server URL.
Keep the default SILVERBULLET_URL fixed where possible, and do not let untrusted content choose the base_url parameter.
Dependency updates could change runtime behavior after installation or reinstall.
The skill installs normal Python dependencies using version lower bounds rather than exact pins. This is common, but it means future dependency versions may differ.
dependencies = [
"mcp[cli]>=1.2.0",
"httpx>=0.27.0",
]Install from a trusted source and consider pinning dependency versions in controlled environments.
Private notes may be exposed to the agent session, and malicious or stale note text could influence the agent if treated as instructions.
The tool returns persistent markdown note content to the agent. Notes may contain private data or instructions that the agent could treat as context.
async def read_page(path: str, base_url: str | None = None) -> str: ... return response.text
Only connect note spaces you are comfortable sharing with the agent, and treat note contents as data rather than authoritative instructions.