ClawHub

Snippets Sync

v1.0.1

Sync code snippets and notes between machines via file sync. Organized by language, rendered in any Markdown viewer (Obsidian, VS Code, etc.).

0· 39·0 current·0 all-time
by@cdmichaelb
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: read/write .md files in a user-specified vault for Obsidian-style snippet sharing. No unrelated binaries, credentials, or installs are requested.
Instruction Scope
SKILL.md confines operations to .md files inside the designated vault and explicitly warns not to touch .obsidian/ or other config/credential locations. This is appropriate, but the fallback/default vault path (~/snippets-vault) and the skill's ability to read/write files mean the user must ensure SNIPPETS_VAULT_PATH points to a dedicated directory that contains no secrets.
Install Mechanism
No install spec or code is included (instruction-only). Nothing is downloaded or written to disk by the skill itself.
Credentials
No credentials or sensitive environment variables are requested. The only env var is an optional SNIPPETS_VAULT_PATH to point at the vault, which is appropriate for the stated purpose.
Persistence & Privilege
always is false and there is no install-time persistence. The skill can be invoked autonomously by the agent (default), which is normal—there's no elevated or system-wide privilege requested.
Assessment
Before enabling: ensure SNIPPETS_VAULT_PATH points to a dedicated directory that contains no private keys, password stores, or other secrets (don't point it at your home dir). Secure the file-sync channel (Syncthing/rsync) and the devices that receive the vault. Review any files the agent writes to the vault before they sync to other machines, and consider restrictive filesystem permissions or a separate sync profile for the vault. If you want to limit risk further, disable autonomous invocation for this skill or require explicit confirmation before the agent writes files.

Like a lobster shell, security has layers — review code before you run it.

latestvk97agqxavtxq6a95de1d1w7zkx849mkm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments