ClawHub

Conversation Recap to Obsidian

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Obsidian recap helper that reads and updates local daily or weekly notes, with no evidence of hidden network access, credential use, deletion, or deception.

Install this only if you want an assistant to read and modify your Obsidian daily and weekly markdown notes. Configure the vault path and Obsidian binary carefully, keep Obsidian sync/version history or backups enabled, and prefer explicit commands like /summary daily or /summary weekly to avoid accidental writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly instructs use of a bundled Python script that reads and writes Obsidian notes and is invoked via shell, yet the skill declares no permissions. This creates a capability/consent gap: an agent may perform filesystem modification and command execution without transparent permission scoping, increasing the risk of unintended file changes or abuse if the script/config is tampered with.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The documented triggers are very generic words that commonly appear in normal conversation, which increases the chance of unintended skill activation. In a skill that can append to or rewrite Obsidian notes, accidental invocation can lead to unreviewed modifications of user files and unexpected data capture from chat content.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The README emphasizes automatic note writes and summary regeneration but does not prominently warn that the skill modifies local Obsidian content. In practice, users may invoke the skill without realizing it can append or replace generated sections, creating a risk of unintended file changes, especially when combined with broad triggers.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal