Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
obsidian-wiki
v1.0.0
Build and maintain a personal knowledge Wiki using the LLM Wiki pattern with OpenClaw-optimized step-by-step execution. Use sub-agents for parallel processin...
by @jayxjw
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and the included sub-agent documents all align: scanning a raw/ folder, extracting entities/concepts, and creating wiki pages is coherent with an Obsidian wiki builder. The declared absence of required env vars/binaries also matches an instruction-only skill.
Instruction Scope
The SKILL.md instructs the agent to run filesystem operations (ls/stat, move/rename, create directories), to read full file contents (explicitly 'NEVER return partial content'), and to 'automatically check and install Python and required packages'. Those instructions go beyond passive analysis: they direct modification of the user's filesystem and software environment and require running shell-level checks/installs. Reading entire files + chunking is expected for ingestion, but it increases the chance of exposing sensitive data if the raw path is broad or mis-specified.
Install Mechanism
There is no install spec in the registry (instruction-only), but SKILL.md tells the agent to 'automatically check and install Python and required packages (pypdf, python-docx) if not present.' The method is unspecified (system package manager, downloading installers, or pip), which is high-risk: installing Python or pip packages can modify the environment and execute arbitrary code. Installing from PyPI (pypdf, python-docx) is plausible for PDF/DOCX handling but should be done explicitly and with user approval or in a sandbox.
Credentials
The skill requests no credentials or env vars, which is proportionate. However, it requires reading and writing files under ~/Obsidian Wiki/ (and scanning a 'raw/' folder). While expected for a wiki tool, that file-system access can expose any files placed under the raw/ tree. There are no listed unrelated credentials, which is a positive signal.
Persistence & Privilege
always:false (good). The skill will create directories and write pages under the user's home directory, which is normal for this purpose. The main privilege concern is combined with the install instruction: autonomous invocation (the platform default) plus instructions to install software and perform filesystem writes increases the blast radius if the skill runs without active supervision.
What to consider before installing
This skill appears to implement what it claims, but take precautions before installing or running it:
1) Verify the skill source or run it in a sandbox/VM so filesystem and package installs cannot affect your main system.
2) Do not point its raw/ directory at broad or sensitive locations (e.g., your entire home or system folders); create a dedicated folder with only the files you want ingested.
3) Prefer to install Python/pip packages yourself rather than letting the skill auto-install; if automatic install is needed, review exactly what commands it will run.
4) Check and back up important files before the skill renames/moves content.
5) Because the skill can be invoked autonomously, restrict or monitor its execution, and remove or disable it if it behaves unexpectedly.
If you need higher confidence, ask the author for explicit installation steps and a minimal list of commands the agent will run (or request the skill be updated to avoid auto-installing system software).
Like a lobster shell, security has layers — review code before you run it.
latestvk978t5trym2gn7294jc1zr354184qa00
