Skill v1.0.0
ClawScan security
obsidian-cli-skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 3:33 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions mostly match an Obsidian CLI utility, but there are inconsistencies (missing declared binary requirement and hard-coded user path) and it instructs file reads/writes of local Obsidian data — review before installing.
- Guidance: This skill is an instruction-only guide for a CLI that manipulates your Obsidian vault files. Before installing or enabling it:
  1) Confirm you have (or will install) the obsidian-cli binary — the skill metadata does not declare it but the instructions require it.
  2) Inspect and if necessary change the default vault path in the SKILL.md — it contains a hard-coded user path (/Users/luoxiaohei/...) which may point outside your intended vault and could cause unintended file changes.
  3) Back up your vault before using commands that delete or move files (delete/move/overwrite).
  4) Expect the skill to read ~/Library/Application Support/obsidian/obsidian.json to discover vaults; if you are uncomfortable with that, do not enable the skill.
  5) Because the skill can modify local files, avoid enabling it with broad autonomous privileges until you verify it behaves as expected.

  If the publisher can provide a declared required-binary entry and remove user-specific hard-coded paths, the inconsistencies would be resolved.
Review Dimensions
- Purpose & Capability (concern): SKILL.md describes a CLI that manipulates Obsidian vaults (create, move, delete, edit frontmatter), which is coherent with the name/description. However the skill metadata lists no required binaries or install — yet every command in the instructions calls an external binary 'obsidian-cli'. The metadata should declare that binary (or include an install). Also the SKILL.md hard-codes a default vault path (/Users/luoxiaohei/.openclaw/obsidian_workspace) tied to a specific user, which is unexpected and may cause the agent to operate on unintended files if used as-is.
- Instruction Scope (note): Instructions direct use of obsidian-cli to read and modify vault files (create/move/delete notes, update wiki links, edit frontmatter) and explicitly say the CLI reads ~/Library/Application Support/obsidian/obsidian.json for vault info. Reading/writing those local files is expected for this purpose, but the manual references to a user-specific default path and to system-level app data mean the skill will access user files and Obsidian configuration — users should expect local file modification.
- Install Mechanism (ok): There is no install spec (instruction-only), so nothing gets written by the skill itself. This is low-risk from an install standpoint. However, the absence of an install declaration contributes to the inconsistency because the SKILL.md clearly expects an obsidian-cli binary to be present.
- Credentials (ok): The skill declares no environment variables or credentials, and the instructions do not request secrets. The only external data referenced are local filesystem paths and Obsidian's config file, which are proportional to a vault-management CLI.
- Persistence & Privilege (ok): 'always' is false and the skill does not request system-wide persistence or to modify other skills' configs. Autonomous invocation is allowed by default but not combined with other high-risk factors here.
