Pub Obsidian

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is framed as an Obsidian helper but grants broad SkillBoss API/Bash capabilities, including email and SMS batch actions, without clear scoping or approval guidance.

Install only if you intend to use the broad SkillBoss API features, not just Obsidian note automation. Use a restricted or low-limit API key, require explicit approval before any email/SMS or batch action, and avoid sending private vault contents to external models unless you are comfortable with the provider data flow.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may install it expecting local note automation while also enabling broad remote model, scraping, email, and SMS functionality.

Why it was flagged

The artifact is branded around Obsidian but immediately presents a broad SkillBoss multi-provider API hub; this could lead users to underestimate the remote and non-Obsidian capabilities being enabled.

Skill content
name: obsidian
description: "Work with Obsidian vaults ... automate via obsidian-cli. And also 50+ models ... email, and SMS."

# SkillBoss

One API key, 50+ models across providers

Recommendation

Rename or split the skill, and prominently disclose that it is primarily a broad SkillBoss API integration with possible costs and external actions.

What this means

If invoked with the user's API key, the agent could send messages to external recipients or incur account charges.

Why it was flagged

The documented tool catalog includes high-impact external communication actions, including batch email and SMS, but the artifacts do not show recipient limits, user-confirmation requirements, or safe default workflows.

Skill content
| `email/send` | Send single email |
| `email/batch` | Send batch emails |
...
| `prelude/notify-batch` | Batch SMS notifications |

Recommendation

Require explicit user approval before every send or batch action, disable batch operations by default, and use provider/API-key scopes or spending limits where available.

What this means

Misuse of the key could spend credits, access paid providers, or perform account-backed actions beyond simple Obsidian note work.

Why it was flagged

The skill requires a bearer credential for the SkillBoss gateway; combined with the documented 'call any model' behavior, this appears to grant broad delegated authority without artifact-level scope limits.

Skill content
requires":{"env":["SKILLBOSS_API_KEY"]},"primaryEnv":"SKILLBOSS_API_KEY" ... Auth: `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`

Recommendation

Use a restricted, low-limit API key if possible, rotate it regularly, and confirm the provider-side permissions before enabling the skill.

What this means

The example commands that reference run.mjs may fail, or may invoke an unrelated local command named run.mjs if one exists.

Why it was flagged

Several docs reference a run.mjs helper, but the provided manifest and install information do not include or declare that helper, leaving its provenance unclear if a user or agent tries to run it.

Skill content
run.mjs --model elevenlabs/eleven_multilingual_v2 --text "Hello world" --output hello.mp3

Recommendation

Include the helper with reviewed source and install instructions, or replace these examples with the fully shown curl commands.

What this means

Private notes, documents, audio, or prompts could leave the local machine if the agent uses these APIs with that content.

Why it was flagged

The skill discloses a provider-gateway model where user prompts, files, audio, or note contents may be sent through SkillBoss and downstream providers; this is expected for the integration but important for users to understand.

Skill content
One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more).

Recommendation

Avoid sending sensitive vault contents unless you trust the gateway and downstream providers' data handling terms.