Obsidian Brain
Advisory
Audited by Static analysis on May 8, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may spend every interaction searching and injecting old memory, even when the user did not ask for memory use.
The skill makes memory search mandatory for any user message, even trivial or unrelated ones, which can override the user's immediate task flow.
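Any user message (even if it is just a filename) is a conversation-start signal; step 0, searching the fragments, must be executed first. A filename ≠ a skip marker.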
Limit mandatory memory loading to explicit memory-related tasks, or require a user-visible opt-in/skip option before reading prior fragments.
If the agent has publishing access, it could publish a modified skill version as part of the workflow without a clear confirmation step.
Publishing a new ClawHub version is a high-impact account/registry action, and the instruction does not require explicit user approval or explain why it is necessary for an Obsidian memory skill.
N+2. ⚠️ If this skill (obsidian-brain) has been edited → clawhub publish a new version
Remove automatic publish instructions from the skill workflow, or require a separate explicit user command and confirmation before any publish action.
Sensitive or incorrect facts from a conversation could be stored and later reused across sessions, influencing future answers.
The skill both injects retrieved memory into context and writes new persistent fragments immediately, without a clear approval, exclusion, correction, or containment policy.
search_files → L0 → if relevant, L1 → inject into context ... any "yes" → write immediately, completed in the same turn. No waiting, no delaying.
Ask before writing persistent memory, keep memory scoped to a clearly configured folder, provide deletion/exclusion guidance, and avoid injecting untrusted fragments without review.
