ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Obsidian Official CLI

v4.0.2

Official Obsidian CLI (v1.12+). Complete command-line interface for Obsidian notes, tasks, search, tags, properties, links, and more.

8· 3.4k·54 current·56 all-time
byAlexander@alexanderkinging
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (obsidian), and included scripts/docs all align: this skill is a documentation/wrapper for the Obsidian CLI and legitimately needs the obsidian binary and the app to be running.
Instruction Scope
SKILL.md instructions stay within CLI usage (adding to PATH, running obsidian commands). However the documented dev commands (e.g., obsidian eval code="...") allow executing arbitrary JavaScript in the running Obsidian app and therefore can read or modify vault contents — this is a native CLI capability but a powerful one the user should be aware of.
Install Mechanism
No automated install spec is provided (instruction-only), and included scripts are small wrappers. There are no downloads or archive extracts in the skill bundle. The README mentions a third‑party Homebrew tap as an optional install route (not enforced).
Credentials
The skill requires no environment variables or credentials and only expects the obsidian binary and the Obsidian app to be running. The wrapper scripts unconditionally export a macOS app path (minor sloppy behavior) but do not request sensitive secrets.
Persistence & Privilege
The skill is not marked always:true and does not attempt to modify other skills or system-wide agent configuration. It provides CLI wrappers only and does not request persistent elevated privileges.
Assessment
This skill appears to be what it says: a reference and small wrapper for the official Obsidian CLI. Before installing: (1) confirm you installed Obsidian from the official source and enable its CLI; (2) review the small scripts included — they simply call the obsidian binary but unconditionally add a macOS path which is harmless but sloppy; (3) be cautious with commands like obsidian eval which run arbitrary JavaScript inside the running Obsidian app and can access or modify all notes in your vault; (4) the README mentions an optional third‑party Homebrew tap — you can ignore that and use the official Obsidian binary; and (5) no credentials are requested by the skill. If you want extra assurance, inspect or run the wrapper scripts locally before granting the agent autonomous access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ewygs58dcszdr1k3x96rmbn82anpt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💎 Clawdis
Binsobsidian

Comments