Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Obsidian Clipper
v2.1.1
Save web content (articles, videos, notes) to Obsidian vault with automatic classification, intelligent naming, and content extraction. Supports: 小红书 (Xiaoho...
by @flyeasy
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's declared purpose (clip web content to an Obsidian vault) aligns with the SKILL.md instructions (fetch content, format Markdown, write to vault). However, the README and SKILL.md reference external tools (obsidian-cli, browser snapshots, web_fetch/web_search/write tools) while the registry metadata declares no required binaries, which is a mild inconsistency. Shipping a pre-filled config.json pointing to the author's personal vault path is unexpected for a general-purpose skill.
Instruction Scope
Runtime instructions tell the agent to read/create a config.json from the skill directory and to write files to the filesystem (vault_path). Because a config.json is included in the package, the skill would use that existing config without prompting the user, potentially attempting writes to the hardcoded path. Instructions also require web_fetch/web_search/browser snapshot capabilities; they don't direct data to external endpoints outside normal web fetching, but the silent/automatic saving behavior and reading/writing of local paths merit caution.
Install Mechanism
This is an instruction-only skill with no install spec or code to download/execute. That is the lowest install risk. README suggests optional install methods (clawhub/git clone) but nothing in the package executes arbitrary downloads at install time.
Credentials
The skill requests no environment variables or credentials (good), but the included config.json hardcodes an absolute vault_path and a collector_name (author's iCloud/Obsidian path). Bundling a user-specific absolute path is disproportionate/unexpected and could cause the skill to operate on an unintended filesystem location or leak the author's usage pattern. The SKILL.md also references tools (obsidian-cli, browser) not declared in metadata.
Persistence & Privilege
The skill does not request always:true or other elevated privileges. It will create/modify config.json in its own directory and write Markdown files into the user-specified vault_path; this is expected for its purpose. Be aware the skill is allowed to run autonomously by default (disable-model-invocation: false), which combined with silent auto-save behavior could result in files being written without follow-up confirmation unless the platform enforces user prompts on skill invocation.
What to consider before installing
Before installing or using this skill:
- Inspect and edit the included config.json immediately. It ships with an absolute vault_path and collector_name belonging to the author; change the vault_path to your intended location or delete the file so the skill must prompt you on first run.
- Understand that the skill writes Markdown files to whatever vault_path is present in config.json — test with a disposable folder first to confirm behavior.
- Ensure the platform 'write' and 'web_fetch'/'web_search' tools it expects are the ones you trust; the SKILL.md also mentions browser snapshot and obsidian-cli (not declared in metadata). Install obsidian-cli only if you need CLI integration.
- Because classification is silent by default, consider instructing the skill to prompt you for classification or review saved items until you’re comfortable with automatic behavior.
- If you are concerned about autonomous invocation, consider disabling autonomous skill invocation or only enabling this skill when explicitly invoked.
These steps reduce the risk of unexpected writes or privacy issues stemming from the packaged configuration and silent-save behavior.
Like a lobster shell, security has layers — review code before you run it.
