ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Obsidian Notes

v1.0.1

Work with Obsidian vaults (plain Markdown notes) and automate via obsidian-cli.

0· 177·4 current·4 all-time
byzhangzhifeng@164149043
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the runtime instructions: the skill expects and uses obsidian-cli and works with Obsidian vaults. Minor mismatch: the SKILL.md instructs the agent to read a user config file (~/Library/Application Support/obsidian/obsidian.json) but the skill metadata did not declare any required config paths or OS restriction (the path is macOS-specific).
Instruction Scope
Instructions are focused on Obsidian operations (search, create, move, delete) and explicitly recommend reading the Obsidian config to discover vaults. This requires reading a user-specific file in the home directory; that is expected for the purpose but should have been declared in metadata. There are no instructions that exfiltrate data or call external endpoints beyond normal obsidian-cli/URI behavior.
Install Mechanism
Install uses a Homebrew formula (yakitrak/yakitrak/obsidian-cli). Brew installs are lower risk than arbitrary downloads, but this is a third‑party tap (yakitrak) rather than an official vendor tap; you should inspect the formula/source before trusting it.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. It does access a user config file (vault paths) as part of normal operation; this is proportional to its purpose but was not listed under required config paths in the metadata (a minor coherence issue).
Persistence & Privilege
The skill is not always-enabled and does not request persistent or elevated platform privileges. It does not modify other skills or system-wide configs according to the provided files.
What to consider before installing
This skill appears to do what it says (manage Obsidian vaults via obsidian-cli) but take a few precautionary steps before installing: 1) Verify you actually run this on macOS (the SKILL.md references a macOS-specific config path). 2) Inspect the Homebrew formula in the yakitrak tap (third‑party) to ensure it installs what you expect and doesn't run unexpected post-install actions. 3) Understand that the skill (and obsidian-cli) will read your Obsidian config and note files (which may contain sensitive information); only run it if you trust the environment and the formula. 4) Consider running the brew install and a few obsidian-cli commands manually in a controlled session first to confirm behavior. If you want higher assurance, request the exact brew formula source or an official upstream package before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fk3spg8em8c1nw4snhhwh3s832man

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💎 Clawdis
Binsobsidian-cli

Install

Install obsidian-cli (brew)
Bins: obsidian-cli
brew install yakitrak/yakitrak/obsidian-cli

Comments