git-backed-obsidian-cli-workflows

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is mostly aligned with Obsidian note workflows, but its fallback writer can write outside the vault if given an unsafe note path.

Only use this with a known Obsidian vault and Git remote. Confirm NOTES_VAULT_ROOT is set correctly, avoid unsafe note paths, and be aware that successful writes may commit and push all pending changes in the vault.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted or mistaken note path could cause the agent to create, append, or overwrite files outside the Obsidian vault, within the permissions of the running user.

Why it was flagged

The append/create fallback paths join the requested note path to the vault root without rejecting absolute paths or '..' traversal before writing.

Skill content

path = VAULT_ROOT / normalize_note(args.note) ... append_plain(path, args.content + "\n")

Recommendation

Resolve the target path before writing and reject absolute paths or any path that does not remain inside the configured vault root.

What this means

Unrelated edits or untracked files already present in the vault could be committed and pushed along with the intended note update.

Why it was flagged

After a write, the backup script stages all vault changes and pushes them to the remote repository, not just the specific note changed by the workflow.

Skill content

git add -A ... git commit -m "notes update ..." ... git push origin "$CURRENT_BRANCH"

Recommendation

Before using auto-sync, confirm the vault root, branch, and remote are correct; consider limiting commits to the target note or prompting before broad pushes.

What this means

The skill can mutate a remote Git repository under the user's existing Git permissions.

Why it was flagged

The sync step will use the user's configured Git credentials or SSH keys to read from and write to the configured remote repository.

Skill content

git pull --rebase --autostash origin "$CURRENT_BRANCH"
git push origin "$CURRENT_BRANCH"

Recommendation

Use a vault-specific repository and least-privilege Git credentials, and verify the configured remote before enabling automatic sync.