ClawHub

obsidian-cli-skills

v1.0.0

Obsidian CLI enables managing Obsidian vaults via command line, supporting note creation, search, move with wiki link update, delete, frontmatter edit, daily...

0· 495·2 current·2 all-time
by0xCryptoPriest@0x-cryptopriest
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
SKILL.md describes a CLI that manipulates Obsidian vaults (create, move, delete, edit frontmatter), which is coherent with the name/description. However the skill metadata lists no required binaries or install — yet every command in the instructions calls an external binary 'obsidian-cli'. The metadata should declare that binary (or include an install). Also the SKILL.md hard-codes a default vault path (/Users/luoxiaohei/.openclaw/obsidian_workspace) tied to a specific user, which is unexpected and may cause the agent to operate on unintended files if used as-is.
Instruction Scope
Instructions direct use of obsidian-cli to read and modify vault files (create/move/delete notes, update wiki links, edit frontmatter) and explicitly say the CLI reads ~/Library/Application Support/obsidian/obsidian.json for vault info. Reading/writing those local files is expected for this purpose, but the manual references to a user-specific default path and to system-level app data mean the skill will access user files and Obsidian configuration — users should expect local file modification.
Install Mechanism
There is no install spec (instruction-only), so nothing gets written by the skill itself. This is low-risk from an install standpoint. However, the absence of an install declaration contributes to the inconsistency because the SKILL.md clearly expects an obsidian-cli binary to be present.
Credentials
The skill declares no environment variables or credentials, and the instructions do not request secrets. The only external data referenced are local filesystem paths and Obsidian's config file, which are proportional to a vault-management CLI.
Persistence & Privilege
always is false and the skill does not request system-wide persistence or to modify other skills' configs. Autonomous invocation is allowed by default but not combined with other high-risk factors here.
What to consider before installing
This skill is an instruction-only guide for a CLI that manipulates your Obsidian vault files. Before installing or enabling it: 1) Confirm you have (or will install) the obsidian-cli binary — the skill metadata does not declare it but the instructions require it. 2) Inspect and if necessary change the default vault path in the SKILL.md — it contains a hard-coded user path (/Users/luoxiaohei/...) which may point outside your intended vault and could cause unintended file changes. 3) Back up your vault before using commands that delete or move files (delete/move/overwrite). 4) Expect the skill to read ~/Library/Application Support/obsidian/obsidian.json to discover vaults; if you are uncomfortable with that, do not enable the skill. 5) Because the skill can modify local files, avoid enabling it with broad autonomous privileges until you verify it behaves as expected. If the publisher can provide a declared required-binary entry and remove user-specific hard-coded paths, the inconsistencies would be resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ewx80zmc12n7b7hsavzwthh82b9em

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments