Skill v1.0.1

ClawScan security

Obsidian Headless · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 5:31 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code, instructions, and requested accesses are consistent with a headless Obsidian CLI: it operates on a user-specified vault directory, stores a local config, and does not request unrelated credentials or network endpoints.
Guidance
This skill appears to do what it says: a local Bash CLI to manage an Obsidian vault. Before installing, review the included scripts yourself and consider:
1) set OBSIDIAN_VAULT to your vault path or verify ~/.config/obsidian-headless/vault-path after first run;
2) run install.sh only if you accept adding an 'obs' alias and a possible /usr/local/bin symlink;
3) back up your vault before running delete operations or automated tests (tests/scripts do remove files and the test cleanup uses OBSIDIAN_VAULT; running tests with that variable unset can produce unexpected behavior);
4) the code is local and contains no network exfiltration, but standard file-operation risks (delete, overwrite) apply, so pay attention to confirmation prompts and path validation messages.

Review Dimensions

Purpose & Capability
ok
Name/description (manage Obsidian vault headless) align with the included scripts and docs. The scripts operate on a vault path, provide create/search/delete/daynote features, and require only typical shell utilities. No unrelated cloud creds, services, or binaries are requested.
Instruction Scope
note
SKILL.md and README clearly document runtime behavior (reads/saves ~/.config/obsidian-headless/vault-path, can use OBSIDIAN_VAULT env var). Scripts prompt for a vault path and explicitly validate paths to keep operations inside the vault. Deletion operations print previews and emit markers (DELETE_CONFIRM:..., MULTI_DELETE_CONFIRM:...) that are intended for interactive confirmation; this is expected but means an automated agent will parse file paths and previews when confirming deletes. The README/USAGE are explicit; no instructions request unrelated system files or secrets.
Install Mechanism
ok
There is no remote download/install spec in the registry metadata; the repo includes a local install.sh that creates an alias and attempts a symlink in /usr/local/bin if writable. All code is present in the bundle: no network fetches or opaque installers. Installing will modify user shell rc or create a symlink if permitted, which is normal for a CLI tool but requires user consent.
Credentials
note
The skill requests no secrets or external credentials. It uses a local config file (~/.config/obsidian-headless/vault-path) and optionally the OBSIDIAN_VAULT env var; both are reasonable for vault location configuration. The tests and scripts assume OBSIDIAN_VAULT may be set; running tests without setting it can cause interactive prompts. No unrelated environment variables or credentials are requested.
Persistence & Privilege
note
always:false and normal autonomous invocation settings. The install script writes a config file and optionally an alias/symlink (user-level changes). This is typical for CLI tools. There are no indications the skill modifies other skills or system agent configurations beyond adding an alias/symlink.