Save to Obsidian

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: save-to-obsidian
Version: 1.1.0

The skill is designed to save markdown content to a remote Obsidian vault via SSH, a purpose clearly stated and consistently reflected across all files. The `save-to-obsidian.sh` script uses `scp` with quoted variables, which helps prevent shell injection, and includes filename sanitization for robustness. While it performs network operations and relies on pre-configured SSH keys, these are inherent to its stated functionality and are not indicative of malicious intent. There is no evidence of data exfiltration, persistence mechanisms, obfuscation, or prompt injection attempts designed to subvert the agent for harmful purposes.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A saved note can create or replace a file in the remote Obsidian vault.

Why it was flagged

The use of scp is expected for this skill, but it gives the agent the ability to write to the configured remote vault, and the artifact explicitly notes that filename collisions overwrite without warning.

Skill content

Copy to remote vault: `scp <filepath> user@remote-host:/path/to/obsidian/vault/` ... Duplicate filename: overwrites silently

Recommendation

Verify the destination vault and filename before saving important content; consider adding an existence check or explicit overwrite confirmation.

What this means

The skill can authenticate to the configured SSH host and write files using whatever permissions that SSH account has.

Why it was flagged

SSH authentication is purpose-aligned for copying to a remote vault, but it relies on local SSH credentials and the configured remote account.

Skill content

Uses existing SSH key auth (no password) ... SSH key path | Path to SSH private key (default: `~/.ssh/id_rsa`)

Recommendation

Use a dedicated SSH key or remote account limited to the intended Obsidian vault directory, and keep the TOOLS.md host/path configuration under your control.

What this means

Installation may require manual setup that is not captured by the registry metadata, and a misconfigured script or SSH setup could save to the wrong place.

Why it was flagged

The metadata under-declares runtime expectations because the included README and script require SSH/scp setup and a save-to-obsidian shell script.

Skill content

Required binaries (all must exist): none ... No install spec — this is an instruction-only skill

Recommendation

Before using it, confirm the installed script path, scp availability, SSH host, and vault path match your intended Obsidian vault.