Obsidian Perfect
Review
Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate Obsidian automation skill, but it gives the agent broad read/write/delete control of your vault through an API key that is under-declared in the registry metadata.
Install this only if you intentionally want an AI agent to control your Obsidian vault. Back up the vault first, verify OBSIDIAN_URL points to your local Obsidian REST API, protect the API key, and require explicit confirmation before deletes, moves, bulk edits, or generic Obsidian commands.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the agent could change or remove notes, folders, tasks, templates, or run broad Obsidian commands in the user's vault.
The skill documents tools that can modify, delete, and move vault content, plus a generic Obsidian command execution capability. These are purpose-related but high-impact and not tightly scoped in the provided docs.
| Tool | Description |
| --- | --- |
| `note-update` | Update (append/prepend/replace/section) |
| `note-delete` | Delete with mandatory confirmation |
| `folder-delete` | Delete folder with confirmation |
| `obsidian-command` | Execute Obsidian commands |
Use only with a backed-up vault, require explicit approval for destructive or bulk actions, and avoid giving the agent open-ended command requests.
A user may not realize from the registry metadata that installation requires granting API-based access to their Obsidian vault.
The package declares an Obsidian API key and URL as required, while the registry metadata says there are no required env vars and no primary credential. That under-declares a credential that enables vault access.
```json
"required_env": [ "OBSIDIAN_API_KEY", "OBSIDIAN_URL" ]
```
Treat the Obsidian API key as sensitive, verify the target URL is your local Obsidian instance, and update metadata to declare the required credential and access scope.
Users have less registry-level information to verify where the runnable tool code came from or what setup it needs.
The registry provenance and install metadata are sparse even though the package contains many JavaScript tool files. The code shown is purpose-aligned and the static scan is clean, so this is a provenance/install-context note rather than proof of malicious behavior.
Source: unknown
Homepage: none
Install spec: none (this is an instruction-only skill)
Code file presence: 142 code file(s)
Install only from a trusted source and compare the package contents with an expected repository or signed release when possible.
Private journal entries, project notes, or other sensitive vault content could be surfaced to the agent during searches, summaries, or health checks.
The skill is designed to read and search vault content, including daily notes. This is expected for Obsidian assistance, but it means private notes may be loaded into the agent context.
| Tool | Description |
| --- | --- |
| `search-text` | Full-text search across the vault |
| `daily-read` | Read the daily note for a specific date |
| `vault-stats` | Complete vault statistics |
Avoid connecting vaults containing sensitive material unless you are comfortable with the agent reading it; consider using a separate vault or limiting the API-accessible content.
