Back to skill
Skillv1.0.0
VirusTotal security
Obsidian · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:00 AM
- Hash
- d63ecd4da632c06a47844f50fbca5164ae3ef5e3aa3f13f618c2165ac759f444
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: obsidian Version: 1.0.0 The skill is classified as suspicious due to its reliance on installing a third-party command-line tool (`obsidian-cli`) from a custom Homebrew tap (`yakitrak/yakitrak`) as specified in `SKILL.md`. This introduces a supply chain risk, as the integrity of the `obsidian-cli` tool depends on the `yakitrak` maintainer. Additionally, `SKILL.md` explicitly instructs the AI agent to read a local configuration file (`~/Library/Application Support/obsidian/obsidian.json`), which, while necessary for the stated purpose, represents a direct instruction for file system access, a high-risk capability. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence.
- External report
- View on VirusTotal