Back to skill
Skillv1.0.2
VirusTotal security
OpenClaw Skill: Obsidian Markdown to Cloudflare Pages · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:14 AM
- Hash
- b0b8e0cb44a74cd1ca05446aac1c145ecd64cfa1ef51ca0c26a8e7de15f7f8fb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-skill-obsidian-cloudflare-pages Version: 1.0.2 The skill is classified as suspicious due to a shell injection vulnerability in the `sh` function within `bin/publishmd-cf.js`, where configuration values (such as project names or branches) are directly interpolated into `execSync` calls without sanitization. The script also performs local data discovery by reading the Obsidian application's internal configuration file (`obsidian.json`) to locate vaults and handles sensitive credentials by writing them into a generated `_middleware.js` file for deployment. While these actions are aligned with the stated purpose of automating Obsidian-to-Cloudflare publishing, the lack of input validation and the handling of secrets represent significant security flaws.
- External report
- View on VirusTotal