ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Obsidian Cli Tool

v1.0.0

Interact with Obsidian vaults using the Obsidian CLI to read, create, search, and manage notes, tasks, properties, and more. Also supports plugin and theme d...

0· 393·1 current·1 all-time
byLi Yaping@sadlay
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md documents CLI commands for listing/opening/searching/creating/deleting notes and plugin development (reload, eval, screenshot, DOM). These directly align with the skill name and description. The only minor coherence issue is that the skill doesn't declare the 'obsidian' CLI as a required binary in metadata, even though the instructions depend on it and an open Obsidian instance.
Instruction Scope
Instructions stay within the stated domain (vault and plugin operations). However, 'obsidian plugin eval "<code>"' allows arbitrary JavaScript execution inside the running Obsidian process and can access or modify vault contents or the host environment; 'obsidian delete <note>' performs destructive actions. These are expected for plugin/dev tasks but are high-impact, so they warrant caution.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by the skill itself. That is lower risk and consistent with the declared metadata.
Credentials
The skill requests no environment variables, credentials, or config paths, which is appropriate for a local CLI wrapper. Note that the skill can still perform powerful actions within the user's Obsidian instance (read/delete/execute JS) without requesting external secrets.
Persistence & Privilege
always is false and the skill does not request modification of other skills or global agent settings. The agent may invoke the skill autonomously (platform default); combined with commands like plugin eval and delete, that increases operational risk if the agent is permitted to run without human review.
Assessment
This skill appears to do what it claims (control Obsidian via the obsidian CLI), and it asks for no external credentials. Before installing or enabling it for autonomous use, consider: 1) ensure the local 'obsidian' CLI and the Obsidian CLI plugin are what you expect (trustworthy source); 2) do not allow autonomous agent invocation if you don't want the agent to run destructive or arbitrary-code commands (plugin eval and delete); 3) backup your vault before permitting operations that modify or delete notes; and 4) prefer manual review of any commands the agent proposes that use plugin eval or other high-impact operations. If you want stricter safety, request the skill declare the 'obsidian' binary dependency and consider restricting the set of allowed commands (e.g., disable eval/delete) or only use in a disposable/testing vault.

Like a lobster shell, security has layers — review code before you run it.

latestvk97474fgs09939bcj4cjz3cvbx829z59
393downloads
0stars
1versions
Updated 5h ago
v1.0.0
MIT-0
Li Yaping@sadlay
latest
Download

Obsidian CLI

Use the obsidian CLI to interact with a running Obsidian instance. Requires Obsidian to be open.

Command reference

Vault operations

  • obsidian list vaults — List all vaults
  • obsidian open <vault> — Open a vault by name
  • obsidian open <note> — Open a note in the default vault
  • obsidian search "query" — Fuzzy search for notes
  • obsidian search-content "term" — Search within note contents

Note operations

  • obsidian create --name "Title" --content "Body text" — Create a new note
  • obsidian print <note> — Print note contents
  • obsidian move <source> <target> — Move or rename a note
  • obsidian delete <note> — Delete a note
  • obsidian daily — Open or create today's daily note

Properties (frontmatter)

  • obsidian frontmatter get <note> <key> — Get a property value
  • obsidian frontmatter set <note> <key> <value> — Set a property value
  • obsidian frontmatter remove <note> <key> — Remove a property

Plugin development

  • obsidian plugin reload — Reload the current plugin
  • obsidian plugin eval '<code>' — Run JavaScript in Obsidian
  • obsidian plugin screenshot — Take a screenshot of Obsidian
  • obsidian plugin dom — Inspect the DOM structure

Usage examples

# Create a note
obsidian create --name "Meeting Notes" --content "# Standup\n\n- Task A done\n- Task B in progress"

# Search for a note
obsidian search "project roadmap"

# Read a note
obsidian print "Projects/Website Redesign"

# Update frontmatter
obsidian frontmatter set "Todo List" status "in-progress"

# Open daily note
obsidian daily

Requirements

  • Obsidian must be running
  • The Obsidian CLI plugin must be installed and enabled
  • For plugin development commands, the workspace must be an Obsidian plugin project

Comments

Loading comments...