ClawHub
Back to skill
v1.0.0

Image Breaker

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:35 AM.

Analysis

The skill is coherent for turning user-provided documents into local Markdown and Obsidian notes, with disclosed file-writing and sync behavior that users should understand before use.

GuidanceThis skill appears benign and aligned with its description. Before installing or using it, confirm that automatic Obsidian syncing is desired, verify the referenced obsidian-sync helper, and update the hardcoded vault path to your own Obsidian location.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Auto-sync by default - User wants notes in Obsidian for cross-referencing

The skill directs the agent to perform local file creation and Obsidian sync as the default workflow. This is aligned with the stated purpose, but it is still an automatic local mutation the user should expect.

User impactUsing the skill can create or copy notes into the user's workspace or Obsidian vault without a separate confirmation step each time.
RecommendationConfirm the target directory or Obsidian vault before processing sensitive or large batches of documents.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
scripts/break_image.py
obsidian_sync_script = WORKSPACE_DIR / "skills/obsidian-sync/scripts/sync_to_obsidian.py"

The included helper delegates syncing to an external obsidian-sync script that is not part of this artifact set. This dependency is purpose-aligned but should be separately trusted.

User impactThe final sync behavior depends on another skill/script, so this skill's safety also depends on that external helper.
RecommendationReview or install only a trusted obsidian-sync helper, and adjust the vault path before relying on automatic sync.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
The note is now in your Obsidian vault for tagging and cross-referencing.

The skill persists summaries and extracted content from web documents, PDFs, images, or pasted text into a note system intended for future reuse.

User impactSensitive, incorrect, or instruction-like content from source documents could be preserved in Obsidian and later reused by the user or other agent workflows.
RecommendationReview generated notes from untrusted or sensitive sources before relying on them in future research or automation workflows.