ClawHub

Fabric.co API skill

v1.0.1

Create, search, and manage Fabric resources via the Fabric HTTP API (notepads/notes, folders, bookmarks, files, tags).

1· 2.1k·2 current·2 all-time
byTristan Manchester@tristanmanchester
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise HTTP access to Fabric; required env var is FABRIC_API_KEY and helpers target https://api.fabric.so. Declared required binaries (node/python3/python/curl) match the cross-platform helpers and the README's curl examples.
Instruction Scope
SKILL.md instructs only Fabric-related actions (create/search/manage resources), documents endpoints, and provides helper usage. It does not instruct reading unrelated local files or secrets beyond FABRIC_API_KEY; optional FABRIC_BASE is referenced but appropriate. The docs caution about not pasting the API key into prompts.
Install Mechanism
Instruction-only skill with no install spec; included Node/Python scripts are plain, use standard libraries/fetch, and do not download or execute remote code. No high-risk download URLs or archive extraction are present.
Credentials
Only FABRIC_API_KEY is required (declared as primaryEnv). The scripts optionally read FABRIC_BASE (non-sensitive). No unrelated credentials or system config paths are requested.
Persistence & Privilege
Skill is not always-enabled and does not request system-wide persistence or modify other skills. It runs helpers locally and uses the provided API key for requests.
Assessment
This skill appears to do exactly what it claims: a simple, documented HTTP client for the Fabric API that needs only your Fabric API key. Before installing, confirm you trust the skill source (owner ID is opaque here) and only provide a FABRIC_API_KEY you expect the agent to use. Be cautious when invoking absolute URLs with the --with-key flag (or equivalent) because that forces the API key to be sent to arbitrary hosts; prefer relative API paths or omit --with-key. If you need extra assurance, review the bundled scripts (fabric.mjs / fabric.py) yourself — they are short and only perform HTTP calls and basic I/O.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧵 Clawdis
Any binnode, python3, python, curl
EnvFABRIC_API_KEY
Primary envFABRIC_API_KEY
latestvk975ge7q1sr1faqvt96kft9s8n81xn59
2.1kdownloads
1stars
2versions
Updated 1mo ago
v1.0.1
MIT-0
Tristan Manchester@tristanmanchester
latest
Download

Fabric API (HTTP via Node/Python)

Use this skill when you need to read or write content in a user's Fabric workspace using the Fabric HTTP API (https://api.fabric.so).

This version avoids bash-only wrapper scripts. It ships cross-platform helpers:

  • Node: {baseDir}/scripts/fabric.mjs (recommended)
  • Python: {baseDir}/scripts/fabric.py

Critical gotchas (read first)

  • There is no POST /v2/notes endpoint in the bundled OpenAPI spec. To create a “note”, use POST /v2/notepads.
  • Most create endpoints require parentId:
    • A folder UUID or one of: @alias::inbox, @alias::bin
  • Notepad creation requires:
    • parentId
    • and either text (markdown string) or ydoc (advanced/structured)
  • tags must be an array of objects, each item either:
    • { "name": "tag name" } or { "id": "<uuid>" }
    • Never strings, never nested arrays.
  • Field name gotcha: the API schema uses name (not title). If the user says “title”, map it to name in requests.

When the user doesn’t specify a destination folder, default to:

  • parentId: "@alias::inbox"

Setup (OpenClaw / Clawdbot)

This skill expects the Fabric API key in:

  • FABRIC_API_KEY

OpenClaw config example (~/.openclaw/openclaw.json):

{
  skills: {
    entries: {
      "fabric-api": {
        enabled: true,
        apiKey: "YOUR_FABRIC_API_KEY"
      }
    }
  }
}

Notes:

  • apiKey is a convenience for skills that declare primaryEnv; it injects FABRIC_API_KEY for the duration of an agent run.
  • Don’t paste the API key into prompts, client-side code, or logs.

HTTP basics

  • Base URL: https://api.fabric.so (override with FABRIC_BASE if needed)
  • Auth header: X-Api-Key: $FABRIC_API_KEY
  • JSON header (for JSON bodies): Content-Type: application/json

Convenience scripts (cross-platform)

Node helper (recommended)

node {baseDir}/scripts/fabric.mjs GET /v2/user/me

node {baseDir}/scripts/fabric.mjs POST /v2/notepads --json '{"name":"Test note","text":"Hello","parentId":"@alias::inbox"}'

Python helper

python3 {baseDir}/scripts/fabric.py GET /v2/user/me

python3 {baseDir}/scripts/fabric.py POST /v2/notepads --json '{"name":"Test note","text":"Hello","parentId":"@alias::inbox"}'

Notes:

  • Both helpers print the response body on success.
  • On HTTP errors (4xx/5xx), they print HTTP <code> <reason> to stderr and still print the response body, then exit non‑zero (similar to curl --fail-with-body).
  • If you pass an absolute URL (https://...), the helpers do not attach X-Api-Key unless you explicitly pass --with-key.

Core workflows

1) Create a notepad (note)

Endpoint: POST /v2/notepads

Rules:

  • Map user “title” → name
  • Use text for markdown content
  • Always include parentId
  • If you’re debugging 400s, start minimal (required fields only), then add name, then tags.

Minimal create:

node {baseDir}/scripts/fabric.mjs POST /v2/notepads --json '{"parentId":"@alias::inbox","text":"Hello"}'

Create with a name:

node {baseDir}/scripts/fabric.mjs POST /v2/notepads --json '{"name":"Calendar Test Note","text":"Created via OpenClaw","parentId":"@alias::inbox"}'

Create with tags (correct shape):

node {baseDir}/scripts/fabric.mjs POST /v2/notepads --json '{"name":"Ideas","text":"# Ideas\\n\\n- First\\n- Second\\n","parentId":"@alias::inbox","tags":[{"name":"ideas"},{"name":"draft"}]}'

If you keep seeing tag validation errors, temporarily omit tags and create the notepad first.

2) Create a folder

Endpoint: POST /v2/folders

node {baseDir}/scripts/fabric.mjs POST /v2/folders --json '{"name":"My new folder","parentId":"@alias::inbox","description":null}'

3) Create a bookmark

Endpoint: POST /v2/bookmarks

node {baseDir}/scripts/fabric.mjs POST /v2/bookmarks --json '{"url":"https://example.com","parentId":"@alias::inbox","name":"Example","tags":[{"name":"reading"}]}'

4) Browse resources (list children of a folder)

Endpoint: POST /v2/resources/filter

Important:

  • This endpoint’s parentId expects a UUID (not an alias).
  • If you only have an alias, resolve it by listing resource roots and picking the inbox/bin folder ID.
node {baseDir}/scripts/fabric.mjs POST /v2/resources/filter --json '{"parentId":"PARENT_UUID_HERE","limit":50,"order":{"property":"modifiedAt","direction":"DESC"}}'

5) Search

Endpoint: POST /v2/search

Use search when the user gives a fuzzy description (“the note about…”).

node {baseDir}/scripts/fabric.mjs POST /v2/search --json '{"queries":[{"mode":"text","text":"meeting notes","filters":{"kinds":["notepad"]}}],"pagination":{"page":1,"pageSize":20},"sort":{"field":"modifiedAt","order":"desc"}}'

Error handling + retries (practical guidance)

  • 400 Bad Request: schema validation. Re-check required fields, and that tags is [{name}|{id}] not nested.
  • 401/403: auth/subscription/permission. Stop and report the error details; don’t brute-force.
  • 404: wrong endpoint, wrong ID, or no access.
  • 429: rate limiting. Back off (sleep + jitter) and retry reads. Avoid blind retries on create (you may create duplicates).
  • 5xx: transient; retry with backoff.

Reference files

  • OpenAPI spec (source of truth): {baseDir}/fabric-api.yaml
  • Extra schema notes: {baseDir}/references/REFERENCE.md
  • Debug playbook: {baseDir}/references/TROUBLESHOOTING.md

Comments

Loading comments...