ClawHub

Obsidian Sync

Sync files between Clawdbot workspace and Obsidian. Run the sync server to enable two-way file synchronization with the OpenClaw Obsidian plugin.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
5 · 2.4k · 16 current installs · 16 all-time installs
by@AndyBold
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: the included script implements a local HTTP sync server for Obsidian/Clawdbot two-way sync. However, the registry metadata lists no required env vars or binaries while the SKILL.md and script require a SYNC_TOKEN (or CLAWDBOT_TOKEN) and Node to run — this is an incoherence between declared purpose/requirements and actual needs.
!
Instruction Scope
SKILL.md instructs running the included Node script, configuring SYNC_TOKEN, workspace, and allowed subdirectories, and shows a systemd service example. Those instructions are focused on the sync purpose, but they also (a) recommend exposing the server via Tailscale and (b) include starting persistent user services. The doc doesn't document the alternate CLAWDBOT_TOKEN env var present in code. The agent instructions and code can expose local files from the configured workspace if the token is compromised — this is expected functionality but worth highlighting.
Install Mechanism
There is no install spec (instruction-only), which is low-risk. However, the script requires Node.js at runtime; the registry did not declare Node as a required binary. That mismatch should be corrected in metadata so users know they must have Node installed before running.
!
Credentials
The SKILL.md and script require an authentication token (SYNC_TOKEN required) and accept an alternate CLAWDBOT_TOKEN env var. The registry metadata lists no required env vars, so a sensitive credential requirement is undocumented. Requesting a gateway/auth token is reasonable for an authenticated sync server, but the undocumented CLAWDBOT_TOKEN alias and omission from registry are incoherent and mean users might accidentally expose a privileged token. Also the default workspace (/data/clawdbot) can contain sensitive data — ensure the token scope and workspace are correct before use.
Persistence & Privilege
The skill is not marked always:true and is user-invocable, which is appropriate. The SKILL.md includes instructions for running it as a persistent systemd user service; if installed as a long-running service it will have ongoing access to files in the configured workspace. Autonomous model invocation is allowed by default (disable-model-invocation=false) — this is normal for skills, but combined with a long-running service and credential use it increases potential exposure if the token or service is misconfigured.
What to consider before installing
This skill appears to implement the described Obsidian <-> Clawdbot sync server, but there are practical mismatches and privacy risks you should consider before installing: - Metadata vs reality: The registry claims no required env vars or binaries, but SKILL.md and the script require a SYNC_TOKEN (or CLAWDBOT_TOKEN) and Node.js. Expect to supply a sensitive token and to run Node. Ask the publisher to update metadata. - Token sensitivity: SYNC_TOKEN is required and authenticates all requests. Treat it like a secret; do not reuse a high-privilege gateway token unless you understand its scope. Prefer creating a limited-scope token for sync. - Workspace scope: Default workspace (/data/clawdbot) may contain sensitive files. Set SYNC_WORKSPACE to a directory that only contains notes you intend to sync, and set SYNC_ALLOWED_PATHS narrowly. - Exposure: The server binds to localhost by default (safer). If you expose it (e.g., via Tailscale), ensure the token is strong and audit access. Running as a systemd service gives persistent access — only enable if you trust the code and token handling. - Verify source: The skill lists an external GitHub project but the skill owner is unknown. If you plan to run it long-term, review the included script (you have it) and consider running it in a container or sandbox first. Recommended next steps: verify Node is installed, set up a dedicated low-privilege token, change SYNC_WORKSPACE to a non-sensitive directory, run the server locally and test with a throwaway token, and ask the package owner to correct registry metadata (declare required env vars and Node).

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97bdbbqyns5bv6d8cw71w1ygn80aag0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Obsidian Sync Server

A secure file sync server for two-way synchronization between Clawdbot and Obsidian.

📦 This skill is part of obsidian-openclaw
An Obsidian plugin that lets you chat with your Clawdbot agent and sync notes between your vault and the agent's workspace.

Quick Start

SYNC_TOKEN="your-gateway-token" node scripts/sync-server.mjs

Configuration

Environment VariableDefaultDescription
SYNC_PORT18790Server port
SYNC_BINDlocalhostBind address
SYNC_WORKSPACE/data/clawdbotRoot workspace path
SYNC_TOKEN(required)Auth token (use Gateway token)
SYNC_ALLOWED_PATHSnotes,memoryComma-separated allowed subdirectories

Security

  • Only configured subdirectories are accessible
  • Path traversal (../) is blocked
  • All requests require Authorization: Bearer <token>
  • Bind to localhost; expose via Tailscale serve for remote access

API Endpoints

MethodEndpointDescription
GET/sync/statusHealth check
GET/sync/list?path=notesList markdown files
GET/sync/read?path=notes/x.mdRead file + metadata
POST/sync/write?path=notes/x.mdWrite file (conflict detection)

Exposing via Tailscale

tailscale serve --bg --https=18790 http://localhost:18790

Running as a Service

User systemd service

mkdir -p ~/.config/systemd/user

cat > ~/.config/systemd/user/openclaw-sync.service << 'EOF'
[Unit]
Description=OpenClaw Sync Server
After=network.target

[Service]
Type=simple
Environment=SYNC_TOKEN=your-token-here
Environment=SYNC_WORKSPACE=/data/clawdbot
Environment=SYNC_ALLOWED_PATHS=notes,memory
ExecStart=/usr/bin/node /path/to/skills/obsidian-sync/scripts/sync-server.mjs
Restart=on-failure
RestartSec=5

[Install]
WantedBy=default.target
EOF

systemctl --user daemon-reload
systemctl --user enable --now openclaw-sync
loginctl enable-linger $USER  # Start on boot

Obsidian Plugin

This skill provides the backend for the OpenClaw Obsidian plugin:

github.com/AndyBold/obsidian-openclaw

The plugin provides:

  • 💬 Chat sidebar — Talk to your Clawdbot agent from Obsidian
  • 📁 File actions — Create, edit, delete notes via conversation
  • 🔄 Two-way sync — Keep notes synchronized between vault and agent
  • 🔒 Secure storage — OS keychain integration for tokens
  • 📋 Audit logging — Track all file operations

Install the plugin via BRAT using: AndyBold/obsidian-openclaw

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…