Is obsidian-daily safe?

The skill templates instruct the agent to run commands like: obsidian-cli create "$(date +%Y-%m-%d).md" --content "$(printf '\n%s' "ENTRY_TEXT")" --append. If the agent substitutes user-supplied text directly into ENTRY_TEXT without proper escaping, shell metacharacters in user input could lead to arbitrary command execution. This is a design weakness in the instruction template, not active exploitation.

The SKILL.md contains unresolved git merge conflict markers (<<<<<<< Updated upstream / ======= / >>>>>>> Stashed changes) in the YAML frontmatter around the metadata section. This indicates the skill was published without resolving a merge conflict. While not a security issue per se, it demonstrates poor quality control and could cause YAML parsing failures in some skill loaders.

The skill instructs the agent to execute multiple shell commands (date, obsidian-cli with various subcommands). While each command is legitimate for the skill's purpose, the aggregate surface area of shell execution is moderately broad. An agent following these instructions will readily execute shell commands, which could lower the agent's resistance to executing other shell commands in the same session.

The search-content command surfaces vault content into the agent's context. This is the intended behavior but means private notes could be exposed to the LLM provider and potentially to other skills with network access.

The filesystem monitoring shows .env and .aws/credentials being read during installation, but these accesses are attributable to the openclaw audit harness runtime (reading its own config), not the skill itself. The skill has no executable code that runs during installation.

The SKILL.md frontmatter (in the merge conflict) references version 2.0, while _meta.json shows version 1.2.1. This is likely a consequence of the unresolved merge conflict and suggests the published version is 1.2.1.