ClawHub

Obsidian To Expertpack

Security checks across malware telemetry and agentic risk

Overview

The skill appears to convert Obsidian vaults as described, but it copies hidden Obsidian configuration into the output by default and recommends persistent memory indexing without enough safety guidance.

Install only if you are comfortable reviewing the generated pack before using or sharing it. Run the dry-run first, inspect or remove the copied `.obsidian/` folder, and remember that adding the pack to OpenClaw defaults makes that content available to future memory searches until you remove the path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill clearly instructs the agent to read from an Obsidian vault and write a converted copy to a new ExpertPack location, yet it declares no permissions. That mismatch is a real security issue because it hides the actual filesystem capabilities required, preventing policy enforcement and informed user consent about what paths may be accessed or written.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The converter copies the entire `.obsidian` directory from the source vault into the generated pack, which can transfer plugin configurations, workspace state, community plugin settings, and other executable or behavior-influencing metadata unrelated to content conversion. In this skill context, that is risky because the output is explicitly intended for agent and OpenClaw use, so hidden configuration copied from an untrusted vault may expand attack surface or propagate unsafe settings into downstream tooling.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Full `.obsidian` configuration copying is broader than required for a vault-to-ExpertPack content transformation and introduces unnecessary privilege over user-supplied data. Because Obsidian configs can embed plugin state and references that affect later application behavior, this unjustified capability makes the converted output less trustworthy and can facilitate configuration smuggling into environments that open the result.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal