Is obsidian safe?
https://clawhub.ai/steipete/obsidian
The Obsidian skill is a straightforward documentation-only skill for managing Obsidian vaults via obsidian-cli. It contains no executable code, no prompt injection attempts, and no exfiltration mechanisms. The primary risk surfaces are the inherently broad access to personal notes and a third-party Homebrew tap dependency for obsidian-cli. Clone-time monitoring showed no suspicious activity.
Findings (5)
LOW Directs agent to read system config file -10
The skill instructs the agent to read ~/Library/Application Support/obsidian/obsidian.json to discover vault locations. While legitimate for the skill's purpose, this exposes filesystem paths and vault structure to the agent context.
LOW Broad access to personal note vaults -18
The skill's core functionality grants read/write access to entire Obsidian vaults which may contain highly sensitive personal notes, journals, credentials stored in notes, API keys in code blocks, etc. This is inherent to the skill's purpose but represents a significant data surface.
LOW Third-party Homebrew tap dependency -15
The skill requires obsidian-cli from the yakitrak/yakitrak Homebrew tap. Third-party taps are not reviewed by Homebrew core maintainers and represent a supply chain trust boundary. The skill itself does not execute code, but the required dependency could.
INFO Host framework reads sensitive files during startup -10
The filesystem monitor captured reads of /home/oc-exec/.env, .aws/credentials, and .openclaw/ config files during the install phase. These are attributable to the OpenClaw agent framework initialization, not the skill itself.
INFO Destructive operations documented transparently -30
The skill documents delete and move operations that could cause data loss if the agent acts incorrectly. These are expected for a vault management tool and are documented clearly.