Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Conversation Recap to Obsidian
v1.1.0
Build high-value Obsidian daily and weekly review notes from conversation or existing markdown notes. Use this skill whenever the user asks to summarize the...
by Amo @amortalsodyssey
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description match the code: it parses conversation/markdown and reads/writes Obsidian notes. However, the registry metadata lists no required binaries or env vars while the shipped script clearly expects an Obsidian CLI binary (config 'obsidian_bin' / DEFAULTS) and invokes it to read/create/append notes. That is an inconsistency between declared requirements and actual runtime needs.
Instruction Scope
SKILL.md and README instruct the agent to read daily/weekly notes and to insert/replace a generated summary block; the included script implements that behavior and restricts itself to vault-relative paths and allowed file extensions. It does not instruct the agent to read unrelated system files or external endpoints. The skill will read potentially many user notes in the vault (expected for its purpose).
Install Mechanism
There is no install spec or remote download in the manifest — the skill is instruction + a local script file only, so nothing is fetched from third-party hosts during install. This is low-risk from an install perspective.
Credentials
The skill requests no credentials or environment variables in the registry. It does rely on a local config (config.json or CLI args) to provide the vault path and 'obsidian_bin'. Access to the user's Obsidian vault contents is necessary for the stated purpose; no unrelated secrets or cloud credentials are requested.
Persistence & Privilege
The skill is not always-enabled and can be invoked by the user (default autonomous invocation allowed). It writes to the user's notes via the Obsidian CLI. The notable runtime privilege: it executes a user-configurable binary (obsidian_bin) using subprocess.run. If that path points to a malicious or tampered binary, the skill would run it with the agent's permissions — this is a configuration-time risk rather than an intrinsic request for elevated platform privileges.
What to consider before installing
This skill appears to implement the described Obsidian recap features, but check a few things before installing: (1) The manifest did not declare required binaries, yet the script runs an 'obsidian_bin' executable; ensure you have the official Obsidian CLI and set obsidian_bin to the real binary path. (2) Inspect scripts/recap_manager.py yourself (or run it in a sandbox) to confirm it matches your expectations; it will read and write files in your vault. (3) Because the script executes the configured obsidian_bin, make sure that path is trustworthy (not a symlink or a custom script). (4) Back up your vault or test on a copy before allowing the skill to write notes. (5) If you do not want the agent to autonomously run write operations, disable autonomous invocation or only invoke the skill manually. If you want, provide the skill owner or updated metadata that lists the Obsidian CLI dependency so the registry accurately reflects runtime requirements.
Like a lobster shell, security has layers — review code before you run it.
