Skillv1.1.0

ClawScan security

Obsidian Save Article · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 18, 2026, 10:56 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill appears to do what it claims (save web articles and images into a local Obsidian vault); included scripts and instructions are coherent with that purpose and there are no hidden network endpoints or unrelated credential requests.
Guidance: This skill is coherent with its stated goal, but take these precautions before installing: (1) Review the included Python scripts (they are bundled and will be executed locally) and only use if you trust the source. (2) When configuring the vault path, point it to a folder you control (don’t accidentally point to system folders or other apps’ data). (3) The skill will fetch arbitrary web pages and download images — avoid using it on pages containing highly sensitive personal data unless you understand how the browser tool and scripts capture content. (4) Because exec/read/write are allowed, run this skill in a normal user account (not as root) and consider sandboxing if you are uncertain. (5) No secrets or unrelated credentials are requested by the skill; if a future version asks for API keys or cloud credentials, treat that as a red flag.

Review Dimensions

Purpose & Capability: okThe name/description (save webpage to Obsidian, fetch images, convert to Markdown) matches the included scripts and SKILL.md. The skill only asks to read/write local Vault paths, fetch pages (Jina.ai or direct HTTP) and download images — all are consistent with saving articles locally.
Instruction Scope: noteInstructions read/write a config at ~/.obsidian-save-article-config.json, open arbitrary URLs via Jina.ai or a browser tool, and run the included Python download_images.py to fetch and save images. This is in-scope, but it means the agent will fetch arbitrary web pages (including pages behind logins if browser is used) and will write files to user-specified filesystem locations. The allowed-tools list includes exec which is used to run the Python scripts — expected but worth noting.
Install Mechanism: okNo install spec or external downloads; the skill is instruction-only but bundles two Python scripts which are executed locally. Nothing is pulled from third-party release URLs or installed into system paths.
Credentials: noteThe skill requests no environment variables or external credentials. It does write a config file to the user's home (~/.obsidian-save-article-config.json) and will create directories under the user-provided vault path. Users should be aware they are granting the skill permission to write files anywhere they point the vault path (including potentially sensitive folders if mis-specified).
Persistence & Privilege: okalways:false and standard model invocation; the skill stores only its own configuration file and creates a vault subdirectory for images. It does not modify other skills or system-wide settings.