Obsidian Brain

Pass

Audited by VirusTotal on May 8, 2026.

Overview

Type: OpenClaw Skill
Name: obsidian-brain
Version: 1.7.0

The obsidian-brain skill bundle implements a structured long-term memory system for an AI agent using Obsidian. It defines a layered retrieval process (L0-L2) and strict protocols for writing 'memory fragments' to the local filesystem using standard file operations. The instructions in SKILL.md and references/storage-distinction.md are focused on improving agent efficiency and preventing data loss between sessions, with no evidence of data exfiltration, unauthorized execution, or malicious intent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may spend every interaction searching and injecting old memory, even when the user did not ask for memory use.

Why it was flagged

The skill makes memory search mandatory for any user message, even trivial or unrelated ones, which can override the user's immediate task flow.

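Skill content

Any user message (even if it is only a filename) is a conversation-start signal, and step 0, searching fragments, must be executed first. A filename ≠ a skip marker.

Recommendation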

Limit mandatory memory loading to explicit memory-related tasks, or require a user-visible opt-in/skip option before reading prior fragments.

What this means

If the agent has publishing access, it could publish a modified skill version as part of the workflow without a clear confirmation step.

Why it was flagged

Publishing a new ClawHub version is a high-impact account/registry action, and the instruction does not require explicit user approval or explain why it is necessary for an Obsidian memory skill.

Skill content

N+2. ⚠️ If this skill (obsidian-brain) has been edited → clawhub publish a new version

Recommendation

Remove automatic publish instructions from the skill workflow, or require a separate explicit user command and confirmation before any publish action.

What this means

Sensitive or incorrect facts from a conversation could be stored and later reused across sessions, influencing future answers.

Why it was flagged

The skill both injects retrieved memory into context and writes new persistent fragments immediately, without a clear approval, exclusion, correction, or containment policy.

Skill content

search_files → L0 → if relevant, L1 → inject into context ... any "yes" → write immediately, completing it in the same turn. No waiting, no delaying.

Recommendation

Ask before writing persistent memory, keep memory scoped to a clearly configured folder, provide deletion/exclusion guidance, and avoid injecting untrusted fragments without review.