Back to skill
Skillv1.1.0
ClawScan security
Obsidian Daily Note · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 28, 2026, 10:10 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions and requirements align with its stated purpose (creating and writing Obsidian daily notes); it is an instruction-only skill with no install, credentials, or unrelated requests.
- Guidance
- This skill appears coherent with its stated purpose. Before installing or using it, decide how you will supply the vault/base path (so the agent only writes where you expect), and limit the agent's filesystem permission to that vault if possible. Review generated notes before saving if you are concerned about sensitive content being pulled from broader conversation history. On Windows, follow the provided UTF-8 write guidance to avoid encoding problems. If you want tighter control, require the agent to output note content for manual saving rather than allow automatic writes.
Review Dimensions
- Purpose & Capability
- okName/description (Obsidian daily notes) match the SKILL.md content: templates, filename conventions, vault layout, and write workflow. No unrelated credentials, binaries, or installs are requested.
- Instruction Scope
- noteThe workflow instructs the agent to "collect today's activities from session context" and to write files to a user-specified vault path. This is consistent with the feature but is a bit vague: it gives the agent broad discretion over what conversational/contextual data to use and instructs writing files to disk. The skill does not instruct reading arbitrary system files, shell history, or external endpoints.
- Install Mechanism
- okNo install spec or code — instruction-only. This minimizes the risk of arbitrary code being downloaded or executed on install.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The only implicit requirement is that the user supplies the vault/base path and that the agent has permission to write files there, which is proportional to the skill's purpose.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request persistent elevated privileges or modification of other skills or system-wide settings.