Skill v1.0.8
ClawScan security
Obsidian Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 29, 2026, 12:22 PM)
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and requirements are consistent with its stated purpose (semantic search of Obsidian notes), but it requires uploading your notes to a third-party server via an MCP link. Evaluate trust and privacy before enabling.
- Guidance: This skill appears to do what it says, but it requires sending your Obsidian notes (text and embeddings) to a third-party service (Obvec) via an MCP link that contains an embedded token. Before enabling:
  - Confirm you trust the service/domain (obsidian.10xboost.org / rag.10xboost.org) and review its privacy policy and data deletion procedures. The SKILL.md claims storage on Google Cloud and per-user isolation, but you should verify this yourself.
  - Treat the MCP link as a password: keep it private, never paste it into tickets, chat or logs, and revoke or regenerate it if it leaks. The embedded token provides read access to full note content, so anyone holding the link can read every indexed note.
  - Avoid indexing extremely sensitive data if you cannot accept third-party storage. Use a local-only alternative if you need stronger privacy guarantees.
  - When configuring the Connector, verify which permissions the token grants (SKILL.md says read-only) and that the connector implementation does not add broader access.
  - Because this is an instruction-only skill (no code to inspect), test with a small non-sensitive subset of notes first and confirm you can delete indexed data from the Obvec dashboard.
  If you want greater assurance, ask the publisher for details (service SLA, where data is stored, retention policy) or prefer a local-only semantic search solution.
Review Dimensions
- Purpose & Capability (ok): The name, description, and runtime instructions all describe AI semantic search over Obsidian notes using a remote service (Obvec). The listed tools (search_notes, list_notes, get_note, analyze_connections) match the claimed capabilities. Nothing in the SKILL.md asks for unrelated functionality.
- Instruction Scope (note): The instructions are scoped to searching, listing, retrieving and analyzing notes via an MCP link (connector). They explicitly state that note content is uploaded to the Obvec server and that the MCP URL contains an embedded token. The SKILL.md does not instruct reading local system files or unrelated credentials, but it does require sending full note contents to a third party, a material privacy action the user should understand.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill itself. That minimizes install-time risk.
- Credentials (note): No environment variables or platform credentials are declared, which is consistent because access is provided by pasting an MCP link into a Connector. The MCP link acts as the credential (embedded token). That credential grants read access to full note content: reasonable for this feature, but high-sensitivity from a privacy perspective. The SKILL.md also asks users to sign up with Google for the Obvec service, which may link your Google account to the service.
- Persistence & Privilege (ok): always:false and no install hooks are present. The skill can be invoked autonomously (platform default), which is expected; note that autonomous invocation combined with access to your indexed notes means the agent can retrieve or upload note content whenever your connector configuration allows it.
