Forge Obsidian Brain
Rating: Warn. Audited by ClawScan on May 10, 2026.
Overview
This is a local Obsidian notes tool, but it needs review because its file paths can escape the vault and deletes do not enforce the promised confirmation.
Install only if you are comfortable with a local agent reading and writing your Obsidian vault and OpenClaw memory. Back up your vault first, avoid passing untrusted note paths, use --dry-run before sync, and require manual review for update/delete operations until vault path containment and delete confirmation are fixed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted note path could let the agent read, overwrite, create, or delete Markdown files outside the intended Obsidian vault.
Note paths are joined to the vault path without a canonical containment check that rejects '..' traversal or prefix-confusable absolute paths, then the resulting path is used for writes and deletes.
Excerpt from the skill's code (elisions as in the scan):

```javascript
function resolveNotePath(vaultPath, notePath) {
  ...
  return path.join(vaultPath, notePath);
}
...
fs.writeFileSync(fullPath, content, 'utf8');
...
fs.unlinkSync(fullPath);
```

Resolve paths with path.resolve, verify the final path remains inside the vault using a path boundary check, and apply this to read/list/create/update/delete and sync destinations.
A user may believe deletes require an extra approval, while an agent/tool invocation can remove a note immediately.
This safety assurance is contradicted by the provided delete implementation, which calls fs.unlinkSync on the target path without an implemented prompt or confirmation check.
> Destructive actions require explicit confirmation:
> - `delete` command requires confirmation
Implement an explicit confirmation prompt or required flag such as --yes for deletes, or correct the documentation and require user review before destructive commands.
Notes placed in synced vault folders can become long-lived agent context and may influence future responses.
The skill intentionally writes vault content into persistent OpenClaw memory, which can be reused by the agent in later tasks.
`~/.openclaw/workspace/memory/*.md` — Vault entries synced back to memory
Use --dry-run first, sync only trusted notes/folders, and consider adding review or allowlist controls for vault-to-memory imports.
