ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Obsidian

v1.0.1

Work with Rodion's Obsidian vault via Nextcloud. Handle ingest/query/lint for Karpathy wiki pattern. Triggers: add to wiki, ingest, wiki, knowledge base

0· 71·0 current·0 all-time
by@rodrigo09313

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for rodrigo09313/obsidian-wiki-rodrigo.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Obsidian" (rodrigo09313/obsidian-wiki-rodrigo) from ClawHub.
Skill page: https://clawhub.ai/rodrigo09313/obsidian-wiki-rodrigo
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: docker
Config paths to check: nextcloud.path, nextcloud.container
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install obsidian-wiki-rodrigo

ClawHub CLI

Package manager switcher

npx clawhub@latest install obsidian-wiki-rodrigo
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to manage an Obsidian vault via Nextcloud and requires docker + nextcloud config paths, which is coherent. However, SKILL.md embeds an explicit absolute vault path (/home/rodrigo/...) and uses a hard-coded container name ('nextcloud') instead of showing how the declared requires.config (nextcloud.path and nextcloud.container) are used at runtime — an inconsistency that could lead to accidental access to the wrong filesystem or container.
!
Instruction Scope
Instructions explicitly tell the agent to read and write files under the Nextcloud data directory and to run docker exec php occ files:scan. The docs use vague operations like 'write <path>' and 'Read source' without limits or sanitization, which grants broad discretion to modify the vault. The skill references a raw/ directory marked 'NEVER modify' but the general write instructions give the agent the ability to modify files unless additional safeguards are enforced.
Install Mechanism
Instruction-only skill with no install spec or third-party downloads — minimal install risk. It does require the docker binary to be present on the host (declared).
Credentials
No environment secrets are requested (no API keys). However, the skill requires access to configuration values (nextcloud.path and nextcloud.container) that map directly to local filesystem locations and a container name. Those configuration values effectively grant read/write access to a personal Nextcloud data directory and ability to run commands inside the Nextcloud container — which is proportionate to the stated purpose but sensitive. The SKILL.md's use of literal paths/container names instead of referencing the declared config keys is an inconsistency.
Persistence & Privilege
always:false and default autonomy are used; the skill does not request permanent/global inclusion or modifications to other skills. It will run docker exec commands on demand, which increases its operational capability but is expected for this purpose.
What to consider before installing
Before installing or enabling this skill, verify these items: 1) Confirm the nextcloud.path and nextcloud.container values you will supply — the SKILL.md hard-codes /home/rodrigo/... and container name 'nextcloud', which may not match your environment and could cause the agent to operate on an unintended filesystem or container. 2) Back up the vault and Nextcloud data; test in a non-production copy first. 3) Inspect AGENTS.md or any AI instruction pages in the vault to understand what automated behaviors are permitted; ask the skill author to clarify exact write rules (what 'write <path>' does) and to enforce boundaries (only write under wiki/ and summaries/, never raw/). 4) Limit the agent's privileges: avoid running the agent with broad Docker/socket access unless necessary; prefer a dedicated service account or container with least privilege. 5) Consider adding explicit allowlists/deny-lists for paths and confirming that the agent will use declared config values (nextcloud.path/nextcloud.container) rather than hard-coded paths. If you cannot confirm these, treat the skill with caution or run it in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

OSLinux
Binsdocker
Confignextcloud.path, nextcloud.container
knowledge-basevk97dkfg00j4xj3r9nbhz2p769585b9yslatestvk97dkfg00j4xj3r9nbhz2p769585b9ysnextcloudvk97dkfg00j4xj3r9nbhz2p769585b9ysobsidianvk97dkfg00j4xj3r9nbhz2p769585b9yswikivk97dkfg00j4xj3r9nbhz2p769585b9ys
71downloads
0stars
2versions
Updated 5d ago
v1.0.1
MIT-0
Linux
@rodrigo09313
knowledge-baselatestnextcloudobsidianwiki
Download

Obsidian Wiki

Vault

/home/rodrigo/services/nextcloud/data/admin/files/Obsidian/

Sync After Changes

docker exec nextcloud php occ files:scan admin --path="/admin/files/Obsidian" -q

See sync.md

Wiki Structure

See wiki-structure.md

Operations

See operations.md

Quick Reference

ActionCommand
Read filecat <path>
Create pagewrite <path>
Syncdocker exec nextcloud php occ files:scan...
List notesls *.md

Log Format

## [YYYY-MM-DD] type | Description
- Created: wiki/summaries/...

Comments

Loading comments...