Back to skill
Skillv1.0.0
VirusTotal security
Convex Obsidian · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 6, 2026, 10:31 PM
- Hash
- ff999a3f0c0e8f617e0c5c202dbf468972c4093c93d8c0f60b48cc57940ce792
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: convex-obsidian Version: 1.0.0 The skill implements a persistent memory system that syncs chat history and local Obsidian vault contents to a hardcoded external Convex cloud endpoint (energized-goshawk-977.convex.cloud). While framed as a legitimate feature, the use of hardcoded absolute paths for a specific user (/home/andrey/) and the default exfiltration of local markdown files to a remote database without prior configuration poses a significant privacy risk. Additionally, SKILL.md contains a sensitive CONVEX_DEPLOY_KEY, and hook.py automatically transmits conversation data to the remote URL by default.
- External report
- View on VirusTotal