Obsidian Ontology Sync 1.0.1

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Obsidian syncing, but it needs review because it can repeatedly turn private notes about contacts, clients, teams, and work behavior into durable local graph files.

Install only if you intentionally want these Obsidian folders converted into a structured local knowledge graph. Before enabling cron, run dry-run mode, set a narrow config, review the exact input and output paths, exclude sensitive folders or fields where possible, and protect or periodically delete generated graph and feedback files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README encourages unattended cron-based syncing of Obsidian notes and generation of ontology/feedback artifacts, but it does not warn that personal knowledge base content may contain sensitive personal, client, or team data that will be copied, transformed, and stored in additional locations. In this skill context, the risk is elevated because the file structure explicitly targets contacts, clients, and team notes, increasing the likelihood of processing PII and creating secondary data stores that broaden exposure and retention.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill automates extraction of personal, team, client, and behavioral data into a structured ontology without any explicit privacy warning, consent model, retention policy, or discussion of downstream use. Because the data includes contact details, work relationships, response patterns, blockers, and business intelligence, silent aggregation materially increases privacy, profiling, and misuse risks.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly sets up recurring cron jobs to scan notes, analyze content, and generate reports, but does not clearly warn users about continuous background processing of sensitive local data. Persistent automation increases the blast radius of misconfiguration or overcollection because new private notes and team data will be repeatedly ingested and analyzed without per-run awareness.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script extracts personal data such as names, email addresses, phone numbers, affiliations, and relationship mappings from notes and persists them to a long-lived ontology file without any consent prompt, minimization, or visibility controls. In a PKM/vault context this is more dangerous because the data may be highly sensitive and aggregated into a machine-queryable graph, increasing privacy exposure if the storage is later accessed, synced, or leaked.

Missing User Warnings

Medium
Confidence: 91%
Finding
The feedback function silently creates or overwrites markdown files inside the user's vault, modifying user content without an explicit warning or confirmation. In an Obsidian vault this can have real impact because vault contents are often synced, indexed, or trusted by downstream tooling, so unexpected file creation can leak metadata, create noise, or interfere with user workflows.

VirusTotal

66/66 vendors flagged this skill as clean.