Back to skill
Skillv1.0.0
ClawScan security
Obsidian Bases · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 6:42 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only helper for creating and validating Obsidian .base files; its instructions, files, and declared requirements are coherent and do not request unrelated credentials or installs.
- Guidance
- This is an instruction-only helper for creating and validating Obsidian .base files and appears internally consistent. It doesn't request credentials or install anything. Before enabling it, confirm that: (1) your agent runtime already has legitimate access to the Obsidian vault you want to modify (the skill assumes it can read/write .base files in the vault), (2) you are comfortable with the agent being allowed to invoke the skill autonomously (disable-model-invocation is false by default), and (3) you review any .base files the agent creates in a test/backup vault first if they contain sensitive metadata. If you want tighter control, keep the skill user-invocable only and avoid granting the agent broad filesystem access to sensitive locations.
Review Dimensions
- Purpose & Capability
- okThe name/description (editing Obsidian .base files) matches the SKILL.md content and the included functions reference. No unrelated environment variables, binaries, or install steps are required.
- Instruction Scope
- okRuntime instructions are limited to creating/validating .base YAML, defining filters/formulas/views, and testing them in Obsidian. The guide references only vault/file-level properties expected for Obsidian views and does not instruct accessing system-wide config, secrets, or external endpoints.
- Install Mechanism
- okThere is no install spec and no code to write or execute on disk (instruction-only), so there is minimal install-related risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The functions and file properties documented are appropriate for operating on Obsidian vault files and don't require additional secrets.
- Persistence & Privilege
- okalways is false and the skill does not request persistent system-level presence or modify other skills. The default ability for the agent to invoke the skill autonomously is normal and expected.