ClawHub

Web Article to Obsidian

Security checks across malware telemetry and agentic risk

Overview

This skill’s article-saving purpose is clear, but it includes under-scoped scraping bypass behavior and third-party extraction fallbacks that users should review before installing.

Install only if you intend to archive web articles into Obsidian and are comfortable with automatic scraping fallbacks. Use it only on public or authorized pages, avoid private/paywalled/tokenized URLs, and do not configure Tavily or Firecrawl unless you accept that URLs or content may be handled by those providers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases include broad everyday expressions such as '保存文章' and '抓取文章', which can cause the skill to activate in conversations where the user did not intend file writes or network fetching. Because this skill performs multi-step external retrieval and local persistence, accidental activation increases the chance of unintended data transfer or unwanted modification of the Obsidian repository.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill's core purpose is to save fetched article content into a local Obsidian vault, but it does not prominently warn that user data will be written to disk. This can lead to silent persistence of sensitive or copyrighted content in a personal knowledge base, especially if the skill is triggered unintentionally.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill routes URLs and potentially page content through third-party services such as Tavily and Firecrawl, but it does not clearly disclose that data may be transmitted to external providers. This is risky because private, tokenized, or sensitive URLs could be exposed outside the local environment without informed user consent.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The documentation instructs use of the TAVILY_API_KEY environment variable but does not tell users when credentials will be accessed or how they are protected. In a skill that also uses shell and network operations, undisclosed credential access increases the risk of over-privileged execution and accidental leakage through logs or downstream tools.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill persists remotely fetched content, titles, authors, URLs, and timestamps into the local Obsidian vault by default, without an explicit confirmation or prominent warning. Because the fetched data is untrusted remote content, this can lead to unwanted retention of sensitive material or storage of attacker-controlled Markdown/YAML content in a user knowledge base.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal