Joplin API (Chinese)
Review
Audited by ClawScan on May 13, 2026.
Overview
The skill is mostly a local Joplin API wrapper, but it claims it does not modify data while also giving the agent full create/update/delete capability.
Before installing, understand that the Joplin token can allow broad local access to your notes and that this skill is not truly read-only despite its description. Use it only if you are comfortable confirming write/delete actions and storing the token in OpenClaw configuration.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may grant access believing the skill is read-only, while it can in fact change or delete Joplin content if the user confirms an action.
The front description claims the skill does not modify data, but the runtime instructions say it has full CRUD capability and can perform write/delete operations after confirmation.
“Does not modify data” ... “Has full CRUD capability” ... “Write/delete operations (POST/PUT/DELETE)”
Clarify the description to state the skill can read, create, update, and delete Joplin data, or provide a genuinely read-only mode with only GET operations.
The agent can freely read Joplin records and, with confirmation, modify or delete notes, notebooks, tags, or resources.
The skill exposes broad local Joplin REST API operations. The approval requirement for mutations is a useful control, but the authority remains high-impact.
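“Read operations (GET): executed freely, no approval required” ... “Write/delete operations (POST/PUT/DELETE): must only be executed after explicit user confirmation”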
Review each proposed write/delete request carefully, confirm exact note or notebook IDs, and keep Joplin backups before using mutation features.
Anyone or any agent process with access to that OpenClaw config may be able to use the Joplin API token.
The skill asks for the Joplin Web Clipper access password and stores it in OpenClaw configuration; this is expected for the local API but gives ongoing access to the Joplin instance.
“The token is stored in the OpenClaw configuration `skills.entries.joplin-api.env.JOPLIN_TOKEN`” ... “Send me this password and I will write it to the configuration file”
Only provide the token if you trust the environment, protect the OpenClaw config file, and rotate or remove the token if you no longer use the skill.
Sensitive personal or work notes may be read into the assistant context when searches or note-body fetches are performed.
The skill is designed to retrieve Joplin note bodies into the agent workflow, which is purpose-aligned but can expose private note content to the active conversation context.
“Full-text search across all notes” ... “Then read the matching note” ... “fields=body”
Use specific searches, avoid fetching unnecessary note bodies, and treat note content as user data rather than as instructions for the agent.
