Obsidian-Git-Vault

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill is coherent for managing and syncing an Obsidian Markdown vault with Git, but users should intentionally approve Git remote sync and the optional recurring cron job.

This looks safe for its stated purpose if you want an agent to manage an Obsidian vault with Git. Before installing, confirm the vault path, review changes before committing/pushing, use a private remote with narrow credentials, and only enable the two-hour cron sync if you are comfortable with recurring background activity.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may create, edit, delete, commit, pull, and push vault content when the user asks for those actions.

Why it was flagged

The skill authorizes file mutation and Git push/pull workflows, which can change local notes and remote repository state, but this is central to the stated purpose and is described as user-directed.

Skill content

When the user says "back up to GitHub / sync": first `status`, then `add`/`commit` as needed, and finally `push`

Recommendation

Confirm the vault path and review Git status/diffs before approving commits, pulls, pushes, or deletions.

What this means

Git push/pull may use your SSH key, PAT, GitHub CLI, or credential helper to access a remote notes repository.

Why it was flagged

The skill may rely on Git hosting credentials or local credential helpers for remote operations, but it explicitly recommends minimal scopes and not sharing secrets in chat or committing them.

Skill content

HTTPS + PAT (Personal Access Token)... check repo... do not check `delete_repo`, workflow, or account-wide admin

Recommendation

Use a private repository if notes are sensitive, prefer SSH or narrow-scoped tokens, and never paste private keys or full tokens into the conversation.

What this means

If enabled, the sync check may run repeatedly in the background about every two hours until the user disables or changes the cron job.

Why it was flagged

The script can register a recurring OpenClaw job for vault sync, creating persistent scheduled agent activity; the SOP states this requires prior user consent.

Skill content

openclaw cron add --name "$NAME" --cron "$EXPR" --tz "$TZ" --session isolated --message "$MSG"

Recommendation

Only enable the cron job if you want recurring sync, and make sure you know how to list, pause, or delete the OpenClaw cron job.

What this means

Users may not realize from metadata alone that the skill includes shell helpers and expects Git or OpenClaw for some operations.

Why it was flagged

The package metadata under-describes the included helper scripts and expected local tools, although the script contents are provided and align with the documented Git/vault workflows.

Skill content

No install spec — this is an instruction-only skill; Code file presence: 6 code file(s)

Recommendation

Review the included scripts before using helper commands, and ensure git/openclaw are installed only if you intend to use those workflows.

What this means

Private note contents may be read by the agent and used in responses or Git commits when you request note search or editing.

Why it was flagged

The skill reads and searches local Markdown notes as task context, which is expected for an Obsidian helper and is bounded to the selected vault.

Skill content

`Glob` under the vault root... `Grep` under the vault root... then `Read` the necessary files from the list of hits

Recommendation

Use a vault path you trust, avoid asking the agent to read highly sensitive notes unless needed, and keep secrets excluded from the vault or ignored by Git.