ClawHub

Obsidian FNS

v0.3.0

Control a remote Obsidian vault through Fast Note Sync. Use when reading, searching, writing, or appending notes in Obsidian from OpenClaw, especially for re...

0· 83·0 current·0 all-time
by@attack-flower
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (remote Obsidian via Fast Note Sync) matches the included scripts and CLI actions. The code implements login, vault listing, search, read, write, append, rename, move, histories, and related endpoints against a user-configurable baseUrl. It also documents the configuration files and environment variables it supports; these all align with the stated purpose.
Instruction Scope
SKILL.md and references instruct the agent to run the bundled Python scripts (fns_actions.py → fns.py). The scripts read config from ~/.config/fast-note-sync/config.json and ~/.openclaw/openclaw.json and use environment variables prefixed FNS_ if present. This is expected for a client that needs connection credentials, but it means the skill will read local config files and can persist a token to ~/.config/fast-note-sync/config.json. The instructions do not ask to read arbitrary unrelated files or send data to unexpected endpoints; network calls are made to whatever baseUrl the user configures.
Install Mechanism
There is no install spec (instruction-only for installation), and the package contains plain Python scripts that are executed locally. No downloads from external URLs or package installs are performed by the skill itself, which keeps install risk low.
Credentials
The registry metadata declares no required env vars or credentials, which matches that credentials are optional until runtime. The code supports FNS_BASE_URL, FNS_TOKEN, FNS_CREDENTIALS, FNS_PASSWORD, FNS_VAULT, and a timeout variable. Requesting tokens/credentials is proportional to the skill's purpose, but users should note that the skill can read ~/.openclaw/openclaw.json (to respect legacy config) and will write tokens to ~/.config/fast-note-sync/config.json after login.
Persistence & Privilege
The skill does not set always:true and does not modify other skills' configuration. Its persistent effect is limited to writing its own config file (~/.config/fast-note-sync/config.json) for token reuse, which is reasonable for a client that caches tokens.
Assessment
This package appears to be a straightforward Fast Note Sync client. Before installing, verify the baseUrl you will use points to a trusted Fast Note Sync server (an attacker-controlled baseUrl could receive your token and note data). Be aware that running the login action will store a token in ~/.config/fast-note-sync/config.json and the scripts read ~/.openclaw/openclaw.json if present. If you do not trust the remote server, avoid using login or providing credentials; instead use ephemeral tokens or a test vault. Inspect the scripts in your environment if you want to confirm there are no additional network targets or changes to other local files.

Like a lobster shell, security has layers — review code before you run it.

latestvk9704m4mg0e5j2f5hhj2gngvsx83q532

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments