Skill v2.0.1

ClawScan security

Save To Obsidian Publish · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 6, 2026, 4:53 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requirements are coherent with its stated purpose (saving web articles into Obsidian). It performs network fetching and local file writes as expected, with no unexplained credentials or hidden endpoints. However, it does send URLs and content to a third party (r.jina.ai) and will download arbitrary URLs, so users should be cautious about what they feed it.
Guidance
This skill appears to do what it says, but review and take these precautions before installing/running it:
- Inspect and set OBSIDIAN_DIR and ATTACHMENTS_DIR to directories you control; do not run pointing at system or root-owned paths.
- Be aware the script sends the target URL to https://r.jina.ai (third party) to obtain Markdown; if you need privacy for the URLs or content, remove/modify that fallback or avoid using it.
- The script will fetch arbitrary URLs (pages, images) with curl; do not point it at sensitive internal-only URLs (this can cause local-network requests or leak internal endpoints to remote content hosts).
- The duplicate record file (.saved_urls.json) is written next to the script; move or secure it if that matters.
- Run the script with a user account (not root) and consider running it in a sandbox if you plan to process untrusted/malicious pages.
If you want a stricter review, provide the truncated portion of the Python file (the repository content was truncated in the prompt) so I can verify the remaining parsing/writing logic and any other network calls.

Review Dimensions

Purpose & Capability
Rating: ok
The name and description ask to fetch web articles, summarize, tag, localize images, and save Markdown; the script implements those features and only requires curl and Python. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
Rating: note
SKILL.md and the script stay within scope: they instruct the user to set OBSIDIAN_DIR/ATTACHMENTS_DIR and call the provided Python script. The script fetches article HTML/Markdown (via r.jina.ai and curl), extracts content, downloads images, and writes files locally. Note: the script sends the target URL to the r.jina.ai service and performs arbitrary HTTP fetches, which is expected for this tool but means URLs/metadata are disclosed to that third party.
Install Mechanism
Rating: ok
There is no automated install step and no external packages are downloaded during install. The script uses the system 'curl' binary via subprocess; this is low-risk and proportional to the task.
Credentials
Rating: ok
No environment variables or external credentials are requested or used. The script only reads/writes local paths that the user is instructed to configure. No secret exfiltration hooks or unexpected credential usage were found.
Persistence & Privilege
Rating: ok
The skill does not request persistent elevated privileges, does not set always:true, and does not modify other skills or system-wide agent settings. It creates a local '.saved_urls.json' record next to the script and writes files under the user-specified Obsidian directories, which is expected behavior for local deduplication.