ClawHub

Obsidian - read, search, write and edit direct to obsidian vault.

v1.0.0

Work with Obsidian vaults as a knowledge base. Features: fuzzy/phonetic search across all notes, auto-folder detection for new notes, create/read/edit notes with frontmatter, manage tags and wikilinks. Use when: querying knowledge base, saving notes/documents, editing existing notes by user instructions.

5· 6.1k·67 current·69 all-time
by@ruslanlanket
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the included Python scripts: both implement searching, reading, creating and editing Markdown notes in an Obsidian vault. That functionality is coherent with the stated purpose.
Instruction Scope
SKILL.md and the scripts operate only on a local vault folder (search, read, write). However the instructions reference hardcoded, user-specific filesystem paths (/home/ruslan/...) and instruct cd into a specific scripts path. This is an operational mismatch (the paths may not exist for other users) and should be updated to use relative paths or a configurable vault.
Install Mechanism
There is no install spec (instruction-only), which minimizes supply-chain risk. The included scripts rely on Python and optionally ripgrep/grep; those binaries are not declared in the skill metadata, creating a practical mismatch (the skill will fail or behave differently if rg/grep/yaml are missing).
!
Credentials
Metadata declares no required env vars, yet SKILL.md and scripts use OBSIDIAN_VAULT and the code falls back to a hardcoded DEFAULT_VAULT pointing to /home/ruslan/webdav/data/ruslain. This is a privacy/operational concern: the skill will read/write whatever path is configured (or that hardcoded path if present). No credentials are requested, but the default path leak suggests the package was packaged from a specific user's environment and may inadvertently expose that location.
Persistence & Privilege
always is false and the skill does not request elevated privileges or modify other skills. It does perform file writes to the user's vault (create/edit notes) which is expected for its purpose.
What to consider before installing
This skill is functionally aligned with managing an Obsidian vault, but it contains a hardcoded default vault path and references a developer-specific scripts location. Before installing: (1) verify or set OBSIDIAN_VAULT to your intended vault (do not rely on the packaged default); (2) back up your vault — the skill will create and edit files; (3) ensure Python, and optionally ripgrep (rg) and a YAML library (PyYAML), are available; (4) inspect the two included scripts yourself to confirm there are no unwanted behaviors (they operate locally and do not make network calls, but will read/write all .md files under the vault); (5) consider asking the author to remove hardcoded paths and declare required binaries/envs in metadata. These inconsistencies look like sloppy packaging rather than deliberate malice, but verify before granting filesystem access.

Like a lobster shell, security has layers — review code before you run it.

latestvk979pmems3dc6d3cwe1d42n1z580krbt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments