Forge Obsidian Brain
AdvisoryAudited by Static analysis on May 3, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted note path could let the agent read, overwrite, create, or delete Markdown files outside the intended Obsidian vault.
Note paths are joined to the vault path without a canonical containment check that rejects '..' traversal or prefix-confusable absolute paths, then the resulting path is used for writes and deletes.
function resolveNotePath(vaultPath, notePath) { ... return path.join(vaultPath, notePath); } ... fs.writeFileSync(fullPath, content, 'utf8'); ... fs.unlinkSync(fullPath);Resolve paths with path.resolve, verify the final path remains inside the vault using a path boundary check, and apply this to read/list/create/update/delete and sync destinations.
A user may believe deletes require an extra approval, while an agent/tool invocation can remove a note immediately.
This safety assurance is contradicted by the provided delete implementation, which calls fs.unlinkSync on the target path without an implemented prompt or confirmation check.
Destructive actions require explicit confirmation: - `delete` command requires confirmation
Implement an explicit confirmation prompt or required flag such as --yes for deletes, or correct the documentation and require user review before destructive commands.
Notes placed in synced vault folders can become long-lived agent context and may influence future responses.
The skill intentionally writes vault content into persistent OpenClaw memory, which can be reused by the agent in later tasks.
`~/.openclaw/workspace/memory/*.md` — Vault entries synced back to memory
Use --dry-run first, sync only trusted notes/folders, and consider adding review or allowlist controls for vault-to-memory imports.