Back to skill
Skillv1.0.0
VirusTotal security
web-to-obsidian · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:21 AM
- Hash
- 3a52f7b74031d7e2c06fe53409e7ac2e212c0d50d39797a94986c760c6aff562
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: web-to-obsidian Version: 1.0.0 The skill contains security vulnerabilities, specifically the intentional disabling of SSL certificate verification (ssl.CERT_NONE) in both scripts/fetch.py and scripts/smart-url.py, which exposes the agent to man-in-the-middle attacks. While the core functionality of sending URLs to third-party services like r.jina.ai and markdown.new is aligned with the stated purpose of web scraping, the lack of transport security and the execution of shell commands for file management (temp.md) and external CLI interactions (obsidian-cli) present a high-risk profile for an automated agent.
- External report
- View on VirusTotal