Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Personal Knowledge Manage
v1.0.0
Manage personal knowledge base with Obsidian vault operations and OneDrive synchronization. Use when working with notes in /data/wudi/PersonalKnowledge inclu...
by Wu Di (@starryforest-ymxk)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The declared purpose (Obsidian vault operations + OneDrive sync) matches the runtime instructions. However, the SKILL.md assumes the presence of tools and scripts (rclone, obsidian-cli, read/write/edit agent tools, and multiple ~/scripts/*) and a specific local vault path (/data/wudi/PersonalKnowledge). The skill package did not declare these binaries/configs as requirements, which is a mismatch between claimed requirements and actual needs.
Instruction Scope
Instructions tell the agent to read, modify, and always sync files under /data/wudi/PersonalKnowledge and to run user scripts (e.g., bash ~/scripts/sync-notes-safe.sh). They also document cron automation and crontab edits. These actions are within the stated purpose but expand the agent's authority to run arbitrary scripts, change scheduled jobs, and transmit local notes to a remote OneDrive — which increases risk if the scripts, remotes, or paths are not exactly the user's.
Install Mechanism
No install specification — instruction-only skill. This minimizes supply-chain risk because nothing is downloaded or written by the skill bundle itself.
Credentials
The skill declares no required environment variables or credentials, yet it depends on an existing rclone configuration (a configured 'onedrive' remote) and on obsidian-cli and shell scripts in the user's home. Those external credentials/configs live outside the skill but would be used to access cloud storage. Not declaring these dependencies is a proportionality/visibility gap the user should review.
Persistence & Privilege
always:false (good). However, the documentation explicitly recommends and provides cron entries to run periodic syncs; if the agent is allowed to apply those changes, that creates persistence (regular automatic syncs). The skill itself does not force always:true, but it instructs actions that can grant ongoing, automated access to local files and cloud upload capability.
What to consider before installing
This skill appears to do what it says, but before installing: (1) Verify the scripts referenced (~/scripts/*.sh) and their contents — don't run them unless you trust them. (2) Confirm rclone and obsidian-cli are installed and that the configured 'onedrive' remote points to your account (rclone stores OAuth tokens/config outside the skill). (3) Be cautious about allowing the agent to run cron edits or automatic syncs — prefer manual sync until you audit the scripts and rclone config. (4) Note the skill assumes a specific local vault path (/data/wudi/PersonalKnowledge); ensure the agent should have access to that path. If you can't examine the scripts and rclone config, treat the skill as higher-risk and avoid granting it permission to run the sync/cron commands automatically.
latest: vk97bhthmea782hyah86yj370f583ff0c
