ClawHub

Obsidian

v1.0.0

Work with Obsidian vaults (plain Markdown notes) and automate via obsidian-cli.

333· 82.5k·2.3k current·2.4k all-time
byPeter Steinberger@steipete
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes exactly the expected functionality (use obsidian-cli to operate on Obsidian vaults). However the skill registry metadata at the top of the package claims no required binaries or install steps, while the embedded SKILL.md metadata requires the 'obsidian-cli' binary and even provides a brew install. This mismatch between declared requirements and the runtime instructions is inconsistent and should be resolved.
!
Instruction Scope
Runtime instructions explicitly tell the agent to read the user's Obsidian config at '~/Library/Application Support/obsidian/obsidian.json' to discover vaults. That is a user-home file containing personal metadata about vault locations; reading it is outside a trivial 'note editing' scope and is not declared in the registry-level config. The instructions also assume Obsidian desktop and functioning URI handlers, and give commands that operate on user files (create/move/delete). The skill therefore directs file reads/changes in the user's home directory without those paths being declared.
Install Mechanism
There is no formal install spec in the registry listing, but the SKILL.md includes an install hint: a brew formula 'yakitrak/yakitrak/obsidian-cli'. Using Homebrew is common, but this references a third-party tap (yakitrak) rather than a canonical upstream package. That raises modest risk: the formula source is not an obviously well-known official release host.
!
Credentials
The registry lists no required environment variables or config paths, yet the instructions require reading a specific config file in the user's home directory to find vault paths. Accessing that personal config file is a credential/data-access decision and should be declared. No other credentials are requested, which is proportionate, but the undeclared file access is the main issue.
Persistence & Privilege
The skill does not request 'always: true' or other elevated persistent privileges. It is user-invocable and allows normal autonomous invocation, which is the platform default. Nothing in the package asks to modify other skills or system-wide agent settings.
What to consider before installing
This skill appears to be written to automate Obsidian via obsidian-cli, but it has some red flags you should consider before installing or granting it access: - The SKILL.md instructs the agent to read the user file '~/Library/Application Support/obsidian/obsidian.json' to discover vaults. That is a personal config file in your home folder — confirm you are comfortable letting the agent read it, or run the skill in a sandbox/test account or with a test vault. - The package metadata is inconsistent: the registry shows no required binaries or install steps, yet the SKILL.md requires 'obsidian-cli' and suggests installing it from a third-party Homebrew tap (yakitrak). If you plan to install that formula, verify the tap and formula source before trusting it. - The instructions assume macOS paths and an installed Obsidian desktop app; there is no OS restriction declared. If you are not on macOS, the config path will not exist and the behavior may be undefined. - Because the skill performs file operations (create/move/delete), double-check any commands it will run and consider limiting operations to a dedicated test vault until you confirm correct behavior. If you want this skill, ask the developer to: (1) make declared requirements and install metadata match the SKILL.md, (2) explicitly declare the config file path as a required config/data access, and (3) use an official obsidian-cli distribution source or document the brew tap provenance. If you are unsure, treat this as suspicious and avoid giving it access to your real vaults.

Like a lobster shell, security has layers — review code before you run it.

latestvk971vje0zv6fg15kv9z4jy3s8x7yj61t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💎 Clawdis
Binsobsidian-cli

Install

Install obsidian-cli (brew)
Bins: obsidian-cli
brew install yakitrak/yakitrak/obsidian-cli

Comments