SilverBullet API
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent uses these tools incorrectly, it could overwrite or delete notes in the connected SilverBullet space.
The skill clearly discloses tools that can modify and delete SilverBullet pages. This is purpose-aligned, but it is still meaningful authority over user data.
| `write_page` | Create or update a page | ... | `delete_page` | Delete a page |
Use the skill only with a SilverBullet space you trust, and require explicit confirmation before write, append, or delete actions.
A mistaken or untrusted base URL could make the agent interact with the wrong SilverBullet server or another reachable HTTP service.
Allowing the agent to override the target server is useful for remote SilverBullet instances, but it broadens where the MCP server can send read/write/delete requests.
All tools accept an optional `base_url` parameter to override the default server URL.
Keep the default `SILVERBULLET_URL` fixed where possible, and do not let untrusted content choose the `base_url` parameter.
Dependency updates could change runtime behavior after installation or reinstall.
The skill installs normal Python dependencies using version lower bounds rather than exact pins. This is common, but it means future dependency versions may differ.
dependencies = [
    "mcp[cli]>=1.2.0",
    "httpx>=0.27.0",
]
Install from a trusted source and consider pinning dependency versions in controlled environments.
Private notes may be exposed to the agent session, and malicious or stale note text could influence the agent if treated as instructions.
The tool returns persistent markdown note content to the agent. Notes may contain private data or instructions that the agent could treat as context.
async def read_page(path: str, base_url: str | None = None) -> str: ... return response.text
Only connect note spaces you are comfortable sharing with the agent, and treat note contents as data rather than authoritative instructions.
