Obsidian Vault Curator
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: obsidian-vault-curator Version: 1.0.0 The obsidian-vault-curator bundle is a legitimate toolset for organizing and migrating Markdown-based knowledge bases. It utilizes Python scripts (scripts/inventory_slice.py, scripts/check_links.py, etc.) to perform read-only analysis, identify duplicates, and validate YAML frontmatter. While inventory_slice.py contains regex patterns to detect potential secrets like API keys or Bearer tokens, the logic is designed to flag these for human review rather than exfiltrate them. The instructions in SKILL.md and the references/ directory are explicitly safety-oriented, mandating small 'write slices,' prohibiting unauthorized deletions, and requiring manual verification of sensitive data before any action is taken.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You have less external context about the publisher or upstream source.
The package has no external homepage or source repository listed, so users have limited independent provenance information even though the included scripts are visible.
Source: unknown; Homepage: none
Install only if you trust the registry copy and review the included files; no hidden remote dependency is shown.
If you approve edits, the agent may change your vault files; mistakes could affect organization or links.
The workflow allows the agent to make persistent note changes, but only after approval and with diff/link/frontmatter verification.
After approval, and before changing files: ... change one slice ... inspect the diff ... verify links
Review each proposed write slice, keep backups or version control, and avoid approving broad moves or rewrites at once.
Private note contents may be loaded into the agent's context during analysis, and paths to suspected sensitive notes may be reported.
The inventory helper reads note bodies from the selected target and flags possible sensitive content by path, without printing the suspected secret value.
with open(path, "r", encoding="utf-8") as handle:
text = handle.read()
...
if looks_sensitive_unverified(text):
sensitive_candidates.append(rel)Run it only on intended vault slices and avoid including folders with secrets unless you want them reviewed.
For large vaults, selected note context may be shared across multiple agent work streams.
The skill supports subagent use for larger vaults, but it explicitly bounds each subagent to one slice and keeps writes in the main agent by default.
read-only subagents inspect in parallel if helpful ... main agent merges findings ... give each subagent one bounded slice only
Use subagents only for bounded, non-sensitive slices unless you explicitly want broader review.