ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Obsidian Litiao

v1.0.0

Work with Obsidian vaults (plain Markdown notes) and automate via obsidian-cli.

0· 206·1 current·1 all-time
by@litiao1224

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for litiao1224/obsidian-litiao.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Obsidian Litiao" (litiao1224/obsidian-litiao) from ClawHub.
Skill page: https://clawhub.ai/litiao1224/obsidian-litiao
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: obsidian-cli
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install obsidian-litiao

ClawHub CLI

Package manager switcher

npx clawhub@latest install obsidian-litiao
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the declared requirement for obsidian-cli and the SKILL.md focuses on manipulating Obsidian vaults. However the instructions assume reading the user's Obsidian config at a macOS path (~/Library/Application Support/obsidian/obsidian.json) while the skill metadata declares no required config paths or OS restriction — an omission that should have been declared.
!
Instruction Scope
Runtime instructions explicitly tell the agent to read a per-user config file (the Obsidian 'obsidian.json' under Application Support) to discover vaults. That file contains user-specific state and the instructions rely on it, but the declared requirements omitted this. The SKILL.md does not direct any network exfiltration, but the un-declared local file access is scope creep relative to the metadata.
Install Mechanism
Install uses a brew formula (yakitrak/yakitrak/obsidian-cli) which is reasonable for a CLI tool, but it's a third-party tap rather than an official upstream/built-in formula. Installing from an unfamiliar third-party brew tap has more risk than a well-known tap; you should review the tap/formula source before installing.
Credentials
No environment variables or credentials are requested (appropriate for this purpose). However, the SKILL.md reads a user config file path not declared in the skill manifest; the manifest should have listed that config path as required so users know local files will be accessed.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent system privileges. Autonomous invocation (default) is allowed — this is normal platform behavior and not flagged by itself.
What to consider before installing
This skill appears to do what it claims (manage Obsidian vaults via obsidian-cli) but there are a few things to check before installing: 1) Confirm you are on macOS or that the obsidian-cli use-case fits your OS — SKILL.md reads a macOS-specific config path but no OS restriction is declared. 2) The brew formula comes from a third-party tap (yakitrak); inspect the tap/formula source to ensure you trust it before running brew install. 3) The skill will read your Obsidian config file (~/Library/Application Support/obsidian/obsidian.json) to find vaults — if you don’t want a skill accessing that file or your vault paths, don’t install. 4) Check the brew formula or the obsidian-cli project repository to verify what the CLI can do (it will be able to read and modify note files). 5) Note the minor metadata inconsistency: the _meta.json ownerId differs from the registry ownerId; consider verifying the publisher. If you need higher assurance, ask the publisher for the obsidian-cli's canonical upstream link or a signed release to review.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

💎 Clawdis
Binsobsidian-cli

Install

Install obsidian-cli (brew)
Bins: obsidian-cli
brew install yakitrak/yakitrak/obsidian-cli
latestvk972yemjmfc8276vkjrkf5n0j58338g4
206downloads
0stars
1versions
Updated 16m ago
v1.0.0
MIT-0
@litiao1224
latest
Download

Obsidian

Obsidian vault = a normal folder on disk.

Vault structure (typical)

  • Notes: *.md (plain text Markdown; edit with any editor)
  • Config: .obsidian/ (workspace + plugin settings; usually don’t touch from scripts)
  • Canvases: *.canvas (JSON)
  • Attachments: whatever folder you chose in Obsidian settings (images/PDFs/etc.)

Find the active vault(s)

Obsidian desktop tracks vaults here (source of truth):

  • ~/Library/Application Support/obsidian/obsidian.json

obsidian-cli resolves vaults from that file; vault name is typically the folder name (path suffix).

Fast “what vault is active / where are the notes?”

  • If you’ve already set a default: obsidian-cli print-default --path-only
  • Otherwise, read ~/Library/Application Support/obsidian/obsidian.json and use the vault entry with "open": true.

Notes

  • Multiple vaults common (iCloud vs ~/Documents, work/personal, etc.). Don’t guess; read config.
  • Avoid writing hardcoded vault paths into scripts; prefer reading the config or using print-default.

obsidian-cli quick start

Pick a default vault (once):

  • obsidian-cli set-default "<vault-folder-name>"
  • obsidian-cli print-default / obsidian-cli print-default --path-only

Search

  • obsidian-cli search "query" (note names)
  • obsidian-cli search-content "query" (inside notes; shows snippets + lines)

Create

  • obsidian-cli create "Folder/New note" --content "..." --open
  • Requires Obsidian URI handler (obsidian://…) working (Obsidian installed).
  • Avoid creating notes under “hidden” dot-folders (e.g. .something/...) via URI; Obsidian may refuse.

Move/rename (safe refactor)

  • obsidian-cli move "old/path/note" "new/path/note"
  • Updates [[wikilinks]] and common Markdown links across the vault (this is the main win vs mv).

Delete

  • obsidian-cli delete "path/note"

Prefer direct edits when appropriate: open the .md file and change it; Obsidian will pick it up.

Comments

Loading comments...