Back to skill
Skillv0.1.0
VirusTotal security
Obsidian Cloudflare Pages · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:06 AM
- Hash
- 81fe0e798b400c3c1ff25a68658656e872e76c1022d13caba53ebded03d50892
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: obsidian-cloudflare-pages-skill Version: 0.1.0 The skill provides legitimate automation for publishing Obsidian notes to Cloudflare Pages, but the implementation in 'bin/publishmd-cf.js' contains significant security vulnerabilities. It uses 'execSync' to execute shell commands (rsync, wrangler) with unsanitized input from the configuration file, creating a high risk of command injection if the config is manipulated. Additionally, the 'ensureBasicAuthMiddleware' function generates a Cloudflare Worker script with hardcoded credentials, and the 'sync' function performs 'rm -rf' on paths derived from user-controlled configuration without adequate validation.
- External report
- View on VirusTotal