Back to skill
Skillv1.0.1
ClawScan security
Obsidian Task · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 1, 2026, 11:03 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper around the official Obsidian CLI and its requirements and instructions are consistent with that purpose.
- Guidance
- This skill appears to be a straightforward, instruction-only wrapper for the official Obsidian CLI. Before installing: (1) confirm you have Obsidian 1.12+ and a Catalyst license and that you've registered the official 'obsidian' command; (2) understand the skill will run 'obsidian' commands that can modify files in your local vault—consider a backup of your vault; (3) verify the 'obsidian' CLI on your PATH is the official binary you expect; (4) note the skill source/homepage is not provided—if you want tighter control, review the SKILL.md yourself and avoid allowing autonomous invocation (or disable model invocation) so the agent cannot run commands without your explicit go-ahead.
Review Dimensions
- Purpose & Capability
- okThe name and description say it manages Obsidian tasks via the Obsidian CLI and the SKILL.md exclusively references the 'obsidian' CLI and Obsidian app (including the Catalyst license requirement). There are no unrelated binaries, credentials, or config paths requested.
- Instruction Scope
- okRuntime instructions only call the official 'obsidian' CLI and show concrete commands that operate on files inside the user's Obsidian vault. The SKILL.md does not instruct the agent to read unrelated system files, environment variables, or send data to external endpoints. Note: the CLI commands will modify local vault files and require the Obsidian app to be running.
- Install Mechanism
- okNo install spec or external downloads — instruction-only skill. This is the lowest-risk install surface because nothing is written to disk by the skill itself.
- Credentials
- okThe skill declares no environment variables, secrets, or config paths. The lack of credentials is appropriate for a local CLI wrapper.
- Persistence & Privilege
- okalways is false and the skill does not request elevated or persistent platform privileges. It can be invoked autonomously (platform default), which is expected for skills, but it does not modify other skills or system-wide settings.