Back to skill
Skillv2.0.0
VirusTotal security
Flomo to Obsidian Sync Tool · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:51 AM
- Hash
- 4a9a0b71bc927092a9b357e54adac899400f4ed64983de96114f16b858e1482d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: flomo-to-obsidian Version: 2.0.0 The skill bundle provides a toolset for syncing Flomo notes to Obsidian, which involves high-risk capabilities such as handling raw user credentials and browser automation. The 'setup.sh' script and 'SKILL.md' instructions guide the agent to collect the user's Flomo email and password to store them in a local '.env' file, while 'scripts/auto_sync.py' uses Playwright to automate the login and export process on the Flomo website. Although these actions are aligned with the stated purpose and the developer has included a 'safe mode' ('scripts/auto_sync_safe.py') to mitigate password storage risks, the inherent risk of credential handling and automated third-party account access warrants a suspicious classification. No evidence of malicious exfiltration or intentional self-exploitation was found.
- External report
- View on VirusTotal