Obsidian Ontology Sync
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: obsidian-ontology-sync Version: 1.0.1 The skill's code (`scripts/sync.py`) and documentation (`SKILL.md`, `README.md`) are aligned with its stated purpose of synchronizing Obsidian notes with an ontology. The Python script performs local file system operations (reading markdown, writing JSONL files) and text processing using standard libraries. There is no evidence of data exfiltration, malicious execution (e.g., `os.system`, network calls), persistence mechanisms beyond its stated cron job setup for legitimate scheduling, or prompt injection attempts against the OpenClaw agent. All file access and operations are confined to the user's specified Obsidian vault and ontology storage paths.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private contact, client, project, and team-status details may be consolidated into a persistent machine-readable graph.
The skill is designed to extract sensitive personal, business, and behavioral information from notes into a structured ontology, which may later be queried or reused.
Extracts: - `Person` entity (name, email, phone) ... `has_contract_value` ... `response_pattern` ... `behavioral_pattern` tracking
Review the configured source folders, avoid syncing notes that should remain private, and consider retention or cleanup practices for the generated ontology.
If enabled, the skill may repeatedly process changed notes without a fresh manual review each time.
The README recommends a recurring cron schedule, meaning the sync can continue running automatically after setup.
cron add \
--schedule "0 */3 * * *" \
--payload '{"kind":"systemEvent","text":"Run obsidian-ontology sync"}'Only enable the cron job if recurring automatic sync is desired, and test first with the documented dry-run command.
Users may have less ability to verify where the script came from or how dependencies should be installed.
The registry information does not provide an upstream source or installation specification, so users have less provenance context for the included script.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the included script before running it and confirm required Python dependencies, such as PyYAML, are installed from trusted sources.