Craft API Skill and Obsidian Migration Tool

Security checks across malware telemetry and agentic risk

Overview

This Craft.do skill is mostly legitimate, but its cleanup script erases Craft workspace content far beyond what its own migration created, instead of only undoing that migration.

Install only if you are comfortable giving an agent a Craft API key and uploading selected vault notes to Craft. Treat cleanup-craft.sh as dangerous: back up Craft first, test in a non-critical workspace, and avoid running it unless you intend to remove all user-created folders and move all documents to trash.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README documents a destructive cleanup command that "deletes everything" without a prominent warning, scope clarification, or an explicit confirmation step. In an agent skill context, operational examples are often copied verbatim, so this increases the risk of accidental mass deletion of user data in Craft.
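Both the Overview's advice about cleanup-craft.sh and this finding come down to the same three gaps: no scope, no dry run, no explicit confirmation. The script below is an added example of what a cleanup that only undoes its own migration looks like; it is not the skill's cleanup-craft.sh and not code from the Craft API. Everything about the data model is an assumption: that the migration records every Craft document id it creates in a manifest file (one id per line), and that one API call trashes one document by id. That call is wrapped in craft_trash_document, which here is a stub that appends to a log file so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example, not the skill's own cleanup-craft.sh.
# Assumptions (hypothetical): the migration appends each Craft document id it
# creates to a manifest file, one id per line; one Craft API call trashes one
# document by id and is wrapped by craft_trash_document. The wrapper below is
# a stub that records ids to TRASH_LOG so the script can run offline.
set -euo pipefail

# Stub standing in for the real API call. A real version would read
# CRAFT_API_KEY from the environment and trash the given id (assumption).
craft_trash_document() {
  printf 'trash %s\n' "$1" >> "${TRASH_LOG:-/dev/null}"
}

# Print the ids listed in the manifest, skipping blank and comment lines.
manifest_ids() {
  grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1" || true
}

# Number of ids the script would act on.
count_manifest_ids() {
  manifest_ids "$1" | wc -l | tr -d ' '
}

# cleanup_from_manifest MANIFEST [dry-run|apply] [CONFIRMATION]
#   dry-run : list what would be trashed and change nothing (the default).
#   apply   : trash exactly the ids in MANIFEST, and only if CONFIRMATION is
#             the literal string "DELETE <count>" for the current count, so a
#             command copied verbatim from a README cannot silently remove a
#             different number of documents than its author had in mind.
# Scope is the manifest: anything the migration did not create is untouched.
cleanup_from_manifest() {
  local manifest="$1" mode="${2:-dry-run}" confirm="${3:-}"
  if [ ! -s "$manifest" ]; then
    echo "refusing: manifest '$manifest' is missing or empty; nothing known to undo" >&2
    return 1
  fi
  local count
  count="$(count_manifest_ids "$manifest")"
  case "$mode" in
    dry-run)
      manifest_ids "$manifest" | while IFS= read -r id; do
        echo "would trash $id"
      done
      echo "dry run: $count document(s) would be trashed; rerun with: apply 'DELETE $count'"
      ;;
    apply)
      if [ "$confirm" != "DELETE $count" ]; then
        echo "refusing: confirmation must be exactly 'DELETE $count' (got '$confirm')" >&2
        return 1
      fi
      manifest_ids "$manifest" | while IFS= read -r id; do
        craft_trash_document "$id"
        echo "trashed $id"
      done
      ;;
    *)
      echo "usage: $0 MANIFEST [dry-run|apply] ['DELETE <count>']" >&2
      return 1
      ;;
  esac
}

# Run as a script only when arguments are given; sourcing it defines the functions.
if [ "$#" -gt 0 ]; then
  cleanup_from_manifest "$@"
fi
```

The point of binding the confirmation phrase to the count is that a stale README example fails closed: if the manifest now lists 40 documents and the copied command says `DELETE 12`, nothing is trashed. The manifest also gives the agent a natural boundary to enforce, since it can only ever undo work the migration itself recorded.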

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill promotes bulk document/task creation, migration, and sync workflows that can modify large amounts of remote user data, but it does not prominently warn users that these actions are state-changing. In an agent setting, this omission increases the risk of unintended destructive or large-scale changes to a user's Craft workspace.

Missing User Warnings

Medium
Confidence: 91%
Finding
The setup instructions tell users to provide a personal API key and endpoint for a third-party service without clearly warning that all subsequent requests transmit workspace content and grant broad account-scoped access. This can lead to accidental overexposure of sensitive notes, tasks, and documents when used by an automated agent or shared environment.

VirusTotal

51/51 vendors flagged this skill as clean.
