Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cli Obsidian
v1.0.0Command-line tool to create, read, search, and export Obsidian notes locally with JSON output support for agent integration.
⭐ 0· 31·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the included code: all commands operate on local Markdown files and implement create/read/search/export for an Obsidian vault. Nothing in the code requires cloud credentials or unrelated system access. However, the package metadata and setup.py declare dependencies (pyyaml, rich, prompt_toolkit) that are not referenced in the codebase — disproportionate to the observable implementation. Also the registry metadata states 'no install spec / instruction-only' while the bundle includes a full Python package and setup.py, which is an inconsistency to clarify.
Instruction Scope
SKILL.md instructs pip install -e . and shows only local file operations and CLI usage. Runtime instructions do not direct the agent to read unrelated system files or to transmit data externally. The code auto-detects common vault locations (home/Documents etc.) and defaults to the current working directory — expected for this use-case but means an agent invoking the CLI could read/write files wherever the agent's process has access.
Install Mechanism
There is no platform-level install spec declared in the registry, but SKILL.md tells users to run pip install -e . which will execute setup.py. setup.py pulls several dependencies from PyPI; most are benign and well-known, but they are not used in the included source files (click is used but also listed). The lack of a declared install spec while shipping code means the platform/maintainer may not be managing the install step — verify how the skill will be installed and that provided dependencies are intentional.
Credentials
The skill requests no environment variables, no credentials, and no config paths. It accesses the user's filesystem (vault path discovery and file read/write) which is proportional to its stated purpose. Note: automatic vault discovery scans common home/document paths — installing or running this skill gives the agent potential access to files under the agent's working/home directories, so use least-privilege when invoking.
Persistence & Privilege
Flags show no forced persistence (always: false) and default autonomous invocation is allowed (disable-model-invocation: false) which is normal for CLI skills. The skill does not attempt to modify other skills or global agent settings. If you are concerned about an agent autonomously invoking a tool that can read/write local files, consider disabling autonomous invocation or restricting the agent's runtime permissions.
What to consider before installing
This package appears to implement a straightforward local Obsidian CLI and does not request credentials or reach out to external endpoints. However, before installing or enabling it for an agent: 1) Confirm the install path — the registry lists no install spec but SKILL.md asks you to pip install -e .; installing will run setup.py and pull PyPI dependencies. 2) Audit setup.py and requirements (pyyaml, rich, prompt_toolkit) to ensure those dependencies are intended. 3) Review the bundled code (already included) yourself or in a sandboxed environment; the tool will read and write files in the provided vault path and may auto-detect locations under your home directory. 4) If you plan to allow autonomous agent invocation, restrict the agent's filesystem access (run in a chroot/container or set a vault-path pointing to a safe directory) to avoid accidental exposure of unrelated files. 5) Ask the publisher to clarify licensing/installation inconsistencies (README/CLAWHUB files contain contradictory licensing/pricing notes). If these inconsistencies are explained and you run the tool in a restricted environment, the risk is low; otherwise proceed cautiously.Like a lobster shell, security has layers — review code before you run it.
latestvk97f2hnn01a8gp4frfjp5xb1fn84014w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.