Back to skill
Skillv1.0.0
VirusTotal security
Obsidian Sync · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:15 AM
- Hash
- a8bed8383a227ac45f7af7fa6dac43467012c03d6005beb9f539a4b7264e16e7
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: obsidian-sync Version: 1.0.0 The OpenClaw Sync Server skill bundle is designed for secure two-way file synchronization between a Clawdbot workspace and Obsidian. The `scripts/sync-server.mjs` code implements robust security measures, including binding the server to `localhost` by default, requiring a bearer token for all API calls, and performing strict path validation to prevent path traversal and restrict file access to explicitly allowed subdirectories (`notes`, `memory`) within the configured workspace. The `SKILL.md` documentation provides clear, non-malicious instructions for setting up and running the server, including systemd service configuration, without any evidence of prompt injection attempts against the AI agent or other harmful behaviors. The functionality is clearly aligned with its stated purpose and lacks any indicators of malicious intent or unmitigated high-risk actions.
- External report
- View on VirusTotal