← 返回 Skills 市场
133
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install trilium-etapi
功能描述
Use when interacting with a Trilium Notes server via the ETAPI REST API - creating, reading, updating, searching, or deleting notes, branches, attributes, at...
安全使用建议
This skill appears to be a straightforward curl-based helper for the Trilium ETAPI, but there are a few practical concerns to consider before installing or letting an agent use it:
- Metadata omission: The SKILL.md relies on TRILIUM_URL and TRILIUM_TOKEN (and shows exchanging a password for a token), but the skill metadata declares no required environment variables. Ask the publisher to declare TRILIUM_URL and TRILIUM_TOKEN (and any password usage) explicitly so you can audit and control what credentials are provided.
- Destructive operations: Examples include DELETE /notes, POST /notes/{id}/import, and PUT /backup/{name}. Test with a safe, non-production Trilium instance first and prefer read-only operations to confirm behavior.
- Local file I/O: The snippets read local files (e.g., --data-binary @body.html) and write outputs (e.g., -o subtree.zip). Ensure the agent has access only to intended files and that scripts run in a controlled directory.
- Auth handling: Prefer supplying a pre-generated ETAPI token rather than a password. If you must use a password exchange, verify you are pointing to a trusted TRILIUM_URL and be aware the password is sent to that server.
- Autonomous invocation: The skill can be invoked autonomously by the agent (platform default). That is normal, but because the skill can perform destructive actions on your Trilium server, restrict autonomous use or limit credentials to a read-only token for automated workflows where possible.
If you plan to use this skill, request that the publisher update the skill metadata to declare the required env vars and document intended safety defaults (e.g., example tokens with limited scope or read-only tokens) so you can make an informed decision.
功能分析
Type: OpenClaw Skill
Name: trilium-etapi
Version: 0.0.1
The skill bundle provides documentation and functional curl/jq examples for interacting with the Trilium Notes ETAPI. It covers standard CRUD operations, authentication, and search functionality as described in the official Trilium documentation. No evidence of malicious intent, data exfiltration, or prompt injection was found; the instructions are strictly aligned with the stated purpose of managing a Trilium Notes instance.
能力评估
Purpose & Capability
The name, description, and endpoint reference all align with interacting with Trilium ETAPI. The operations shown (create/read/update/delete notes, branches, attributes, attachments, exports, backups) are coherent for a Trilium integration. However, the skill metadata lists no required environment variables or credentials while the instructions explicitly rely on TRILIUM_URL and TRILIUM_TOKEN (and optionally a password) — a mismatch between declared requirements and actual usage.
Instruction Scope
SKILL.md contains concrete curl-based runtime instructions that read and write local files (e.g., --data-binary @body.html, -o subtree.zip), perform destructive actions (DELETE / notes, PUT /backup/, POST /import), and demonstrate exchanging a password for a token via /auth/login. These are all within the Trilium ETAPI domain, but the doc gives the agent broad discretion to read local files and write outputs and it assumes env vars exist. The instructions could cause data loss on the Trilium server if used without care.
Install Mechanism
Instruction-only skill with no install spec and no bundled code. This is low-risk from an install/execution perspective (nothing is downloaded or written by an installer).
Credentials
The skill requests no env vars in its metadata, yet the runtime instructions assume TRILIUM_URL and TRILIUM_TOKEN (and show how to exchange a password). Required credentials (tokens/passwords) are typical for this API, but the omission from the declared requirements is an inconsistency that could cause accidental misconfiguration or unexpected credential usage. No unrelated credentials are requested, which is good, but the mismatch should be fixed.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or global agent settings in the provided materials.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install trilium-etapi - 安装完成后,直接呼叫该 Skill 的名称或使用
/trilium-etapi触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.0.1
Initial release of trilium-etapi: a comprehensive shell scripting guide for Trilium Notes ETAPI integration.
- Provides reference examples for creating, reading, updating, searching, deleting Trilium notes, branches, attributes, and attachments via ETAPI.
- Documents authentication methods, core API endpoints, and command-line usage patterns using curl and jq.
- Highlights common pitfalls, recommended note types, and advanced scripting workflows.
- Triggers on mentions of Trilium, ETAPI, noteId, branchId, or ETAPI URLs.
元数据
常见问题
Trilium 是什么?
Use when interacting with a Trilium Notes server via the ETAPI REST API - creating, reading, updating, searching, or deleting notes, branches, attributes, at... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 133 次。
如何安装 Trilium?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install trilium-etapi」即可一键安装,无需额外配置。
Trilium 是免费的吗?
是的,Trilium 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Trilium 支持哪些平台?
Trilium 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Trilium?
由 yanickxia(@yanickxia)开发并维护,当前版本 v0.0.1。
推荐 Skills