Obsidian Ontology Sync
v1.0.1
Bidirectional sync between Obsidian PKM (human-friendly notes) and structured ontology (machine-queryable graph). Automatically extracts entities and relatio...
⭐ 15· 6.6k·98 current·103 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims 'bidirectional sync' and a feedback loop, but the included code and instructions primarily show one-way extraction (markdown → ontology) and writing to a local jsonl graph. There is evidence of a 'feedback' phase in docs, but the truncated script does not show automatic writes back into Obsidian notes; this mismatch is likely an overstatement or incomplete implementation rather than clear maliciousness.
Instruction Scope
SKILL.md and README instruct scanning configured Obsidian directories (defaulting to /root/life/pkm) and running the bundled Python script. That scope matches the stated purpose (extracting entities/relations). However, the skill will read arbitrary markdown files under the vault and extract sensitive fields (emails, phones, notes) and will write an append-only ontology file. The instructions also recommend scheduling periodic runs (cron), which grants persistent read/write activity on local files if enabled—make sure you intend that.
Install Mechanism
There is no install spec and the skill is instruction-only with a contained Python script. Nothing is downloaded or executed from external URLs during install. This is low-risk from an install-mechanism perspective.
Credentials
No environment variables, secrets, or external credentials are requested. The script reads and writes local filesystem paths (defaults under /root/life/pkm and ~/.openclaw workspace). File access is proportional to the stated purpose, but the default filesystem paths are privileged (root's homedir) and should be reviewed/changed to a safer, user-owned vault location before running.
Persistence & Privilege
The skill is not marked always:true and requires explicit invocation, but README/SKILL.md recommend scheduling via cron (or OpenClaw cron). If you enable scheduled runs, the skill will repeatedly read your vault and write ontology files. Autonomous invocation is allowed by platform defaults; consider whether you want periodic, unattended access to your notes.
Assessment
This skill appears to do what it says: it scans an Obsidian vault and writes a local ontology (graph.jsonl). Before installing/running:
1) Review and edit config.yaml to point vault_path and ontology storage to directories you control (avoid default /root paths).
2) Run the extractor in dry-run mode first (the README shows --dry-run) to see what will be extracted.
3) Inspect the generated ontology files to confirm no unexpected sensitive data was captured.
4) If you don't want persistent automatic access, do not add the recommended cron job; run manually instead.
5) If you expect true bidirectional sync (writes back into notes), ask the author or inspect the remainder of the code to confirm that behavior — current code appears primarily one-way.
6) If you are concerned about privacy, run the script in a sandbox or back up your vault before first run.
If you want higher assurance, request the full, non-truncated script and confirm there are no network calls or hidden endpoints before enabling scheduled/automated runs.
Like a lobster shell, security has layers — review code before you run it.
latest vk975vgg0zxk6nakckpxzab2vdh81z6zq
