Skill v1.0.0
ClawScan security
Obsidian 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 2:36 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions match its stated purpose (managing Obsidian vaults via obsidian-cli); the only notable risk is installing a third‑party brew formula—otherwise it behaves as expected.
- Guidance: This skill is internally consistent: it needs obsidian-cli and reads your Obsidian config and vault files to do its job. Before installing: (1) confirm you trust the Homebrew tap 'yakitrak' and review the formula/source code for the obsidian-cli package, (2) be aware that running the skill will access and can modify your local notes and Obsidian config (back up sensitive vaults first), and (3) if you’re not on macOS or do not keep Obsidian in the documented path, verify how obsidian-cli determines vault locations. If you have any doubt about the brew tap, inspect the repo or run obsidian-cli in a controlled environment first.
Review Dimensions
- Purpose & Capability (ok): Name/description (manage Obsidian vaults) aligns with the declared requirement (obsidian-cli) and the SKILL.md, which documents how to find the active vault and use obsidian-cli commands. Requiring obsidian-cli is proportionate and expected.
- Instruction Scope (note): SKILL.md instructs the agent to read the Obsidian config at ~/Library/Application Support/obsidian/obsidian.json and to operate on vault files (*.md, .canvas, attachments). Reading that config and notes is necessary to locate and manage vaults, but it does mean the skill will access potentially sensitive personal notes and config data if invoked — this is expected for its purpose but worth noting for privacy.
- Install Mechanism (note): Install uses a Homebrew formula from a third‑party tap (yakitrak/yakitrak/obsidian-cli). Using a non-official tap carries some risk because it will install binaries from that tap; verify the tap/formula source and trustworthiness before installing. No direct downloads or extract-from-URL steps are present in the skill bundle.
- Credentials (ok): No environment variables, credentials, or config paths beyond the user's Obsidian config and vault files are requested. The access asked for is proportional to the skill's stated function.
- Persistence & Privilege (ok): The skill is not forced always-on and does not request elevated or system-wide configuration changes. It is user-invocable and may be invoked autonomously (platform default), which is normal for skills.
