← Back to Skills Marketplace

Joplin Api

Name: Joplin Api
Author: killgfat

by KGTAF · GitHub ↗ · v0.1.3

cross-platform ✓ Security Clean

660

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install joplin-api

Description

Manage Joplin notes via REST API. Use for creating, reading, updating, deleting, or searching Joplin notes programmatically.

README (SKILL.md)

Joplin API Skill

Manage Joplin notes, notebooks, and tags via Joplin Data API.

Environment Variables

Variable	Required	Default	Description
`JOPLIN_BASE_URL`	No	`http://localhost:41184`	Joplin API URL
`JOPLIN_TOKEN`	Yes	-	API Token from Web Clipper

Quick Start

1. Get API Token

Open Joplin → Tools → Options → Web Clipper
Enable service and copy the token

2. Test Connection

python3 joplin.py ping

Basic Commands

python3 joplin.py ping                    # Test connection
python3 joplin.py create --title "Title"  # Create note
python3 joplin.py search "keyword"        # Search
python3 joplin.py list --type notes       # List notes
python3 joplin.py stats                   # Statistics

Security

Import/Export restricted to workspace directory
Sensitive system directories blocked

Documentation

references/API.md - Full API reference
references/CONFIGURATION.md - Configuration examples

Usage Guidance

This skill appears to do what it says: it is a local Joplin Data API client implemented in Python and requires a JOPLIN_TOKEN (API token) and python3 with requests and python-dotenv. Before installing, check: 1) Provide a valid JOPLIN_TOKEN and confirm whether your runtime environment will supply the SKILL.md pip install step (the registry metadata omitted required env info). 2) Review and, if needed, change JOPLIN_IMPORT_DIR/JOPLIN_EXPORT_DIR to a directory you control — the default is /root/.openclaw/workspace and the code blocks access to /home and other system dirs which may prevent using your normal home directory. 3) Confirm you trust the code bundle (it calls only your configured Joplin server URL and does not phone home); if you plan to point JOPLIN_BASE_URL at a remote host, ensure the host is trusted. Finally, if you need the skill to run on a non-root environment, adjust the default workspace paths accordingly.

Capability Analysis

Type: OpenClaw Skill Name: joplin-api Version: 0.1.3 The OpenClaw AgentSkills bundle for Joplin API is classified as benign. The skill's primary function is to manage Joplin notes via its REST API, which it accomplishes using standard Python libraries like `requests` and `argparse`. Crucially, the `joplin_export.py` and `joplin_import.py` scripts implement robust path sanitization using `pathlib.Path.resolve()`, explicitly defining `ALLOWED_BASE_DIRS` (e.g., `/root/.openclaw/workspace`) and a comprehensive list of `BLOCKED_DIRS` (e.g., `/etc`, `/home`, `/bin`), effectively mitigating path traversal vulnerabilities. There is no evidence of malicious intent, data exfiltration, unauthorized execution, or prompt injection attempts in any of the files, including the `SKILL.md` instructions.

Capability Assessment

✓ Purpose & Capability

The skill's name and description (Joplin API management) match the included files and behavior: Python scripts call the Joplin Data API (GET/POST/PUT/DELETE) and implement create/read/update/delete/search/import/export operations. Required binary (python3) and Python dependencies (requests, python-dotenv) are appropriate for the stated purpose.

ℹ Instruction Scope

Runtime instructions and scripts only interact with the configured Joplin API base URL and local filesystem for import/export. Scripts read JOPLIN_BASE_URL and JOPLIN_TOKEN (declared in SKILL.md) and limit import/export to workspace dirs. No instructions attempt to read unrelated system state or send data to third-party endpoints. Minor oddity: SKILL.md metadata says to install pip deps, but the skill registry's top-level summary listed no required env vars — the scripts do require JOPLIN_TOKEN at runtime.

✓ Install Mechanism

No remote downloads or archive extraction are used. The SKILL.md recommends installing Python packages via pip (requests, python-dotenv) which is expected for Python scripts. There is no suspicious install URL or arbitrary code fetch.

ℹ Credentials

Environment variables used (JOPLIN_BASE_URL, JOPLIN_TOKEN, JOPLIN_IMPORT_DIR, JOPLIN_EXPORT_DIR) are proportionate and directly tied to Joplin API usage. However, registry metadata at the top listed 'Required env vars: none' while SKILL.md marks JOPLIN_TOKEN as required — that's an inconsistency to be aware of. The default allowed workspace is /root/.openclaw/workspace and BLOCKED_DIRS includes /home, which may be unexpectedly restrictive on typical user systems.

✓ Persistence & Privilege

The skill is not always-enabled and does not request system-wide persistence or privileges. It doesn't modify other skills' configs. Autonomous invocation is allowed by default (platform standard) but the skill doesn't request elevated platform privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install joplin-api
After installation, invoke the skill by name or use /joplin-api
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.3

Removed all .env location references from code and documentation

v0.1.2

Simplified documentation: Removed .env location details, cleaner environment variable declaration

v0.1.1

Fixed documentation inconsistencies: Added proper YAML front matter, updated CONFIG.example to use JOPLIN_BASE_URL, rewrote all documentation in English, clarified .env location (~/.openclaw/.env)

v0.1.0

Initial release: Complete rewrite following Joplin official API documentation.

v0.0.3

修复：1) 统一 metadata 和文档的环境变量要求说明 2) 添加非隐藏的 CONFIG.example 配置模板 3) 移除 pipx 建议

v0.0.2

修复：添加 allowed-tools 声明，修正 metadata YAML 格式，添加 homepage 链接

v0.0.1

Initial release: programmatic management of Joplin notes, notebooks, and tags via Data API with flexible deployment support. - Supports create, read, update, delete, search, organize notes via command-line scripts. - Handles notebooks and tags: create, list, rename, delete, add/remove tags, move notes between notebooks. - Batch operations: import/export notes, batch move, backup/export all notes. - Requires Python 3 and dependencies (requests, python-dotenv), configurable via environment variables. - Compatible with local, Docker, or remote Joplin deployments.

Metadata

Slug joplin-api

Version 0.1.3

License —

All-time Installs 1

Active Installs 1

Total Versions 7

Frequently Asked Questions

What is Joplin Api?

Manage Joplin notes via REST API. Use for creating, reading, updating, deleting, or searching Joplin notes programmatically. It is an AI Agent Skill for Claude Code / OpenClaw, with 660 downloads so far.

How do I install Joplin Api?

Run "/install joplin-api" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Joplin Api free?

Yes, Joplin Api is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Joplin Api support?

Joplin Api is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Joplin Api?

It is built and maintained by KGTAF (@killgfat); the current version is v0.1.3.

More Skills