Skill v1.0.0
ClawScan security
Obsidian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 8:21 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are plausible for automating Obsidian via obsidian-cli, but there are several inconsistencies and privacy-relevant actions (reading a user config file) that aren't declared or explained.
- Guidance: This skill appears to be written to automate Obsidian via obsidian-cli, but it has some red flags you should consider before installing or granting it access:
  - The SKILL.md instructs the agent to read the user file '~/Library/Application Support/obsidian/obsidian.json' to discover vaults. That is a personal config file in your home folder — confirm you are comfortable letting the agent read it, or run the skill in a sandbox/test account or with a test vault.
  - The package metadata is inconsistent: the registry shows no required binaries or install steps, yet the SKILL.md requires 'obsidian-cli' and suggests installing it from a third-party Homebrew tap (yakitrak). If you plan to install that formula, verify the tap and formula source before trusting it.
  - The instructions assume macOS paths and an installed Obsidian desktop app; there is no OS restriction declared. If you are not on macOS, the config path will not exist and the behavior may be undefined.
  - Because the skill performs file operations (create/move/delete), double-check any commands it will run and consider limiting operations to a dedicated test vault until you confirm correct behavior.

  If you want this skill, ask the developer to: (1) make declared requirements and install metadata match the SKILL.md, (2) explicitly declare the config file path as a required config/data access, and (3) use an official obsidian-cli distribution source or document the brew tap provenance. If you are unsure, treat this as suspicious and avoid giving it access to your real vaults.
Review Dimensions
- Purpose & Capability (note): The SKILL.md describes exactly the expected functionality (use obsidian-cli to operate on Obsidian vaults). However, the skill registry metadata at the top of the package claims no required binaries or install steps, while the embedded SKILL.md metadata requires the 'obsidian-cli' binary and even provides a brew install command. This mismatch between declared requirements and the runtime instructions is inconsistent and should be resolved.
- Instruction Scope (concern): Runtime instructions explicitly tell the agent to read the user's Obsidian config at '~/Library/Application Support/obsidian/obsidian.json' to discover vaults. That is a user-home file containing personal metadata about vault locations; reading it is outside a trivial 'note editing' scope and is not declared in the registry-level config. The instructions also assume Obsidian desktop and functioning URI handlers, and give commands that operate on user files (create/move/delete). The skill therefore directs file reads/changes in the user's home directory without those paths being declared.
- Install Mechanism (note): There is no formal install spec in the registry listing, but the SKILL.md includes an install hint: a brew formula 'yakitrak/yakitrak/obsidian-cli'. Using Homebrew is common, but this references a third-party tap (yakitrak) rather than a canonical upstream package. That raises modest risk: the formula source is not an obviously well-known official release host.
- Credentials (concern): The registry lists no required environment variables or config paths, yet the instructions require reading a specific config file in the user's home directory to find vault paths. Accessing that personal config file is a credential/data-access decision and should be declared. No other credentials are requested, which is proportionate, but the undeclared file access is the main issue.
- Persistence & Privilege (ok): The skill does not request 'always: true' or other elevated persistent privileges. It is user-invocable and allows normal autonomous invocation, which is the platform default. Nothing in the package asks to modify other skills or system-wide agent settings.
