SilverBullet API

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: silverbullet-skill
Version: 1.0.0

The skill provides an MCP server to interact with the SilverBullet note-taking application. All operations are confined to the SilverBullet REST API, primarily targeting `http://localhost:3000` by default, or a user-configured `SILVERBULLET_URL`. The installation script in `SKILL.md` performs standard Python package installation using `uv`. The `server.py` code uses `httpx` to make requests to the configured SilverBullet instance, offering tools to list, read, write, delete, and search pages. There is no evidence of data exfiltration to external endpoints, malicious execution (e.g., `curl|bash`), persistence mechanisms, obfuscation, or prompt injection attempts in `SKILL.md` or `README.md` designed to subvert the agent's behavior beyond its stated purpose. The capabilities are directly aligned with managing a note-taking application.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent uses these tools incorrectly, it could overwrite or delete notes in the connected SilverBullet space.

Why it was flagged

The skill clearly discloses tools that can modify and delete SilverBullet pages. This is purpose-aligned, but it is still meaningful authority over user data.

Skill content

| `write_page` | Create or update a page |
| ... |
| `delete_page` | Delete a page |

Recommendation

Use the skill only with a SilverBullet space you trust, and require explicit confirmation before write, append, or delete actions.

What this means

A mistaken or untrusted base URL could make the agent interact with the wrong SilverBullet server or another reachable HTTP service.

Why it was flagged

Allowing the agent to override the target server is useful for remote SilverBullet instances, but it broadens where the MCP server can send read/write/delete requests.

Skill content

All tools accept an optional `base_url` parameter to override the default server URL.

Recommendation

Keep the default `SILVERBULLET_URL` fixed where possible, and do not let untrusted content choose the `base_url` parameter.

What this means

Dependency updates could change runtime behavior after installation or reinstall.

Why it was flagged

The skill installs normal Python dependencies using version lower bounds rather than exact pins. This is common, but it means future dependency versions may differ.

Skill content

dependencies = [
    "mcp[cli]>=1.2.0",
    "httpx>=0.27.0",
]

Recommendation

Install from a trusted source and consider pinning dependency versions in controlled environments.

What this means

Private notes may be exposed to the agent session, and malicious or stale note text could influence the agent if treated as instructions.

Why it was flagged

The tool returns persistent markdown note content to the agent. Notes may contain private data or instructions that the agent could treat as context.

Skill content

async def read_page(path: str, base_url: str | None = None) -> str:
    ...
    return response.text

Recommendation

Only connect note spaces you are comfortable sharing with the agent, and treat note contents as data rather than authoritative instructions.