Obsidian Tasks
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: obsidian-tasks Version: 0.1.2 The skill is designed to set up and manage an Obsidian task board. The `SKILL.md` instructs the AI agent to execute `scripts/setup.py`, which creates a specified folder and two markdown files (`Board.md` and `Dashboard.md`) within a user-provided Obsidian vault path. The Python script performs only these file creation/writing operations, without network access, reading sensitive files, or executing arbitrary commands. All actions are clearly aligned with the stated purpose and lack any high-risk behaviors or prompt injection attempts against the agent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent or user-run setup script can create and later help update task-board Markdown files in the selected Obsidian vault.
The helper creates directories and writes Board.md/Dashboard.md under a user-supplied vault/folder path. This is disclosed and central to the skill, but it is still local file mutation that should be pointed at the intended vault.
folder_path = os.path.join(vault, args.folder)
os.makedirs(folder_path, exist_ok=True)
...
with open(board_path, "w") as f:
f.write(create_board(folder_path, columns))Run setup only with an explicit trusted vault path and folder, and consider using Obsidian sync history, backups, or version control before letting an agent manage tasks.
Users have less external provenance information to rely on and should trust the provided artifacts themselves before running the helper script.
The skill has limited provenance metadata and includes helper scripts despite no install spec. The included scripts are small and purpose-aligned, so this is a review note rather than a concern.
Source: unknown Homepage: none ... No install spec — this is an instruction-only skill. ... 2 code file(s): scripts/publish_clawhub.sh; scripts/setup.py
Review the included scripts before use, install Obsidian community plugins from their expected sources, and avoid running the maintainer publishing helper unless you are maintaining the skill.
Task details, priorities, due dates, and links to supporting notes will persist in the vault and may be visible to any tool or agent with access to that vault.
The skill stores structured task metadata and notes persistently in the Obsidian vault. This is the intended functionality, but task content may include personal or business context that future Obsidian views or agents can read.
Each task is a separate markdown file with YAML frontmatter: ... status: todo priority: P1 category: revenue created: 2026-02-03 due: 2026-02-07
Avoid putting secrets in task notes, keep vault access limited, and review linked notes before asking an agent to use them as context.