Skill v1.0.0
ClawScan security
Pub Obsidian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 6:09 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions are about calling the SkillBoss (heybossai.com) model API with a SKILLBOSS_API_KEY, but the skill's name/description claim Obsidian/obsidian-cli integration — the required credential and documented behavior don't match the stated purpose.
- Guidance: This skill appears mislabeled: it advertises Obsidian/obsidian-cli functionality but the instructions are solely about calling the SkillBoss API (api.heybossai.com) and require SKILLBOSS_API_KEY. Before installing, verify what you actually need: if you expect Obsidian automation, ask the author to show obsidian-cli examples and why the SkillBoss key is required. If you do install and supply SKILLBOSS_API_KEY, understand that any content sent to the skill (notes, prompts, files you pass) will be transmitted to the external heybossai service. Verify the external API's reputation, privacy policy, and minimum required permissions; consider creating a limited-scope/test key; avoid supplying broader secrets (AWS, GitHub, system passwords). If you don't trust the source (no homepage, unknown owner), do not provide credentials and prefer a vetted Obsidian-specific skill instead.
Review Dimensions
- Purpose & Capability (concern): The skill is named and described as an Obsidian vault/obsidian-cli helper, but the SKILL.md is entirely documentation for a third-party model API (https://api.heybossai.com) and model lists. There are no obsidian-cli commands, no references to Obsidian vault paths, and no local-note automation examples. The declared required env var (SKILLBOSS_API_KEY) is unrelated to Obsidian, so the declared purpose does not match what the skill actually does.
- Instruction Scope (note): Runtime instructions are instruction-only curl examples that call heybossai.com endpoints and show how to download generated images/audio/video. The header lists allowed-tools: Bash, Read, but the documented commands do not instruct reading local vault files or other system secrets. Still, the presence of 'Read' as an allowed tool means the skill could be used to read local files if the agent were asked to do so — the SKILL.md itself does not justify that permission for an Obsidian helper.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files to write to disk, which is the lowest install risk.
- Credentials (concern): The only required environment variable is SKILLBOSS_API_KEY (declared as primary credential). That makes sense for the SkillBoss API shown in SKILL.md, but is disproportionate and unexplained relative to the skill's advertised Obsidian purpose. If you expected Obsidian integration, an Obsidian-related API key or local path would be expected instead. Providing a third-party API key grants that external service access to requests and content sent through the skill.
- Persistence & Privilege (ok): 'always' is false and there are no requested config paths or attempts to modify other skills or system settings. The skill does not request permanent/system-wide privileges.
