Skill v1.0.0

ClawScan security

Obsidian Official CLI Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:46 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions and requirements align with its stated purpose (controlling the Obsidian CLI), but it is instruction-only, can perform broad file and app operations on your local vaults, and the package provenance is unclear — verify source before installing.
Guidance
This skill appears to do what it says — it runs your local obsidian CLI and can read and change files in your vault. Before installing: (1) verify the skill package comes from a trusted source (the registry shows no homepage/source even though README references a GitHub releases URL), (2) back up your vaults, (3) test the obsidian CLI manually (obsidian version; a few safe read commands) to confirm your setup, (4) be aware the agent can run destructive commands (delete/move, plugin install/enable), so only allow the skill if you trust the skill/publisher or run it in a sandbox/test vault. If provenance is unclear, prefer skills with a verifiable repository or official homepage.

Review Dimensions

Purpose & Capability
ok: The name/description describe using the official Obsidian CLI and the SKILL.md contains detailed, coherent CLI commands and examples that match that purpose. No unrelated credentials, binaries, or services are requested.
Instruction Scope
note: The SKILL.md instructs the agent to run local obsidian CLI commands (create/move/delete notes, manage plugins, take screenshots, access developer console/DOM inspection). Those are within the skill's domain, but they grant broad access to your vault and Obsidian app state (including destructive file operations and plugin/theme management). This is expected for an Obsidian CLI skill but worth attention: the agent may read, modify, or delete local notes and settings.
Install Mechanism
note: There is no install spec in the registry (instruction-only skill). README suggests downloading a .skill file from a GitHub releases page, but registry metadata lists source/homepage as unknown/none — an inconsistency in provenance. No archived downloads or remote installers are embedded in the skill bundle itself.
Credentials
ok: The skill requests no environment variables or credentials. It does require the user to have Obsidian 1.12+ with the CLI enabled and the obsidian command registered locally — these are proportional to the described functionality.
Persistence & Privilege
ok: always is false and the skill is user-invocable; model invocation is allowed (default). Autonomous invocation is normal for skills; this skill does not request elevated system-wide privileges or to persist in other skills' configs.