Skill v0.1.0

ClawScan security

Obsidian Cloudflare Pages · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 4, 2026, 11:00 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and required credentials match its stated purpose (publishing Obsidian/Markdown to Cloudflare Pages); behaviour is coherent, but it performs destructive file operations (workspace/content clears) and stores some config in plaintext, so use caution and a dedicated test workspace.
Guidance
This skill appears to do what it says: sync selected Markdown from an Obsidian vault, build with Quartz, and deploy to Cloudflare Pages. Before running it:
1) Use a dedicated test workspace directory (the tool runs rm -rf on the publish content folder and may clear the workspace during bootstrap).
2) Provide a scoped Cloudflare API token (Pages:Edit and DNS:Edit only if you need DNS automation).
3) Keep secrets out of chat and prefer the skill-local .env (and never commit your .env or config.json with real credentials).
4) Review config/config.json after running the wizard — basic auth credentials may be stored in plaintext there unless you move them to a protected .env.
5) If you're not on macOS, vault auto-detection may not work (the script checks a macOS-specific path).
If any of these behaviours are unacceptable (deletion of workspace files or plaintext credentials), do not install or run the skill until you have reviewed/modified the code and configured a safe workspace.

Review Dimensions

Purpose & Capability
ok
Name/description (publish Obsidian/Markdown to Cloudflare Pages) align with the included CLI (bin/publishmd-cf.js), README, and SKILL.md. Required binaries and env vars described in the docs (node, rsync, npm, npx, quartz, wrangler, CLOUDFLARE_API_TOKEN / CLOUDFLARE_ACCOUNT_ID) are exactly what a Cloudflare Pages deployer + static-site builder would need.
Instruction Scope
note
Instructions and the CLI operate within the publishing workflow (init, wizard, sync, build, deploy). The script intentionally reads an Obsidian config file (~/Library/Application Support/obsidian/obsidian.json) to detect vaults — this is consistent with its purpose but is macOS-specific. The sync step runs destructive commands (rm -rf "<dest>"/* and rsync into the workspace) and the README/SKILL.md explicitly warn that a fallback bootstrap may clear files in the configured workspace. These destructive operations are expected for a sync/deploy tool but mean you should point the skill at a dedicated/test workspace and review config before running.
Install Mechanism
ok
No install spec — instruction-only with a bundled Node CLI. That is the lowest-install-risk category. The script uses child_process.execSync to invoke system binaries (rsync, npx, wrangler), which is expected for a CLI orchestration tool and matches the declared prerequisites.
Credentials
note
The skill does not require unrelated credentials. It expects Cloudflare API token and account id environment variables (names configurable) — appropriate for deploying to Pages. A caution: the wizard and config store basic-auth username/password and some settings in the skill-local config/config.json (and .env is recommended for tokens). Storing credentials in config.json or leaving .env in an unprotected location would expose secrets; the docs recommend .env and not committing personal config.
Persistence & Privilege
ok
always:false and normal autonomous invocation defaults. The skill writes its own config (config.json), may create middleware at <workspace>/functions/_middleware.js for basic auth, and will modify files under the configured workspace/content directory. It does not request elevated agent-wide privileges or edit other skills' configs. Because it can delete/overwrite workspace content, the user should configure an isolated workspace.