Skill v1.0.0
ClawScan security
Obsidian via notesmd-cli (obsidian-cli) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 6:43 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requests and instructions match its stated purpose (working with Obsidian vaults via notesmd-cli); main caution is a third-party Homebrew tap — verify the formula before installing.
- Guidance: This skill appears coherent for automating Obsidian with notesmd-cli, but take these precautions before installing:
  1. Verify the Homebrew tap and the notesmd-cli project (review the formula and source) because the tap is a third-party repository.
  2. Back up your vaults before running commands that modify or delete files (move/delete).
  3. Note the SKILL.md references the macOS Obsidian path (~/Library/Application Support/obsidian/obsidian.json); behavior may differ on other OSes.
  4. Run notesmd-cli manually first to confirm what it does and that it only touches your vault.
  5. No cloud credentials are requested by the skill itself, so you won't be handing secrets to the skill, but exercise normal caution when installing third-party packages.
Review Dimensions
- Purpose & Capability: ok. The skill is an instruction-only wrapper for notesmd-cli and only requires the notesmd-cli binary (installed via a brew formula). Required binaries and the described operations (search, create, move, read Obsidian metadata files) align with the stated purpose.
- Instruction Scope: ok. SKILL.md instructs reading Obsidian state files (~/Library/Application Support/obsidian/obsidian.json) and vault-local .obsidian/*.json files and running notesmd-cli commands that operate on Markdown files. These actions are consistent with operating on Obsidian vaults and do not instruct access to unrelated files or external endpoints.
- Install Mechanism: note. Installation is via a Homebrew formula from the yakitrak/yakitrak tap (creates a notesmd-cli binary). Using a third-party tap increases risk compared with an official/homebrew-core formula — recommend reviewing the tap/formula and the project's source before installing.
- Credentials: ok. The skill requests no environment variables, credentials, or config paths beyond reading standard Obsidian state files. This is proportionate to the task of locating and manipulating vault files.
- Persistence & Privilege: ok. The skill is not set to always: true and does not request elevated or persistent platform privileges. It relies on a user-installed binary and standard file access; autonomous invocation is allowed by default but is not combined with other privilege escalations.
