Skill v0.1.2

VirusTotal security

Obsidian Clip · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 5:03 AM
Hash: 8488b952ef614679a0c386b6e6f61dd73d93160ddfe30d1b9277d241968fceb4
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: obsidian-clip
Version: 0.1.2

The `scripts/clip_save.sh` script is vulnerable to shell injection and path traversal. The `OBSIDIAN_VAULT` environment variable, which determines the base directory for saving notes, is used directly in a `mkdir -p` command without sanitization. If an attacker can control this environment variable (e.g., via prompt injection against the agent or a compromised environment), they could inject arbitrary shell commands, leading to Remote Code Execution (RCE), or write files to arbitrary locations on the filesystem. This is a critical vulnerability, not intentional malice.