Obsidian

Name: obsidian
Author: steipete

Share on X Share on LinkedIn Share on Bluesky

70High

The skill introduces supply chain risk via an untrusted brew tap and is vulnerable to command injection from unsanitized user input.

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Obsidian: Obsidian vault = a normal folder on disk.

Actually does

This skill uses the `obsidian-cli` tool to manage Obsidian vaults. It can set/print default vaults, search note names and content, create new notes, move/rename notes (updating internal links), and delete notes. It reads `~/Library/Application Support/obsidian/obsidian.json` to identify active vaults and utilizes Obsidian's URI handler for certain operations.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namesteipete/obsidian

Registryclawhub

Version1.0.0

PURLpkg:clawhub/steipete/obsidian@1.0.0

Stars324

Downloads81,256

Installs2,373

Source

Repository ↗

SHA-256dc45b522a0f0...

SHA-1fc8dd58373a0...

MD54520687795e6...

TLSH8041a7df778a...

Size2,334 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/steipete/obsidian

81,256 downloads2,373 installs

ClawHubDocs

openclaw skills install steipete/obsidian

Assessments (1)

AI Agent Traps ↗

Supply Chain Risk via Custom Brew Tapmediumsupply chain

The skill installs 'obsidian-cli' from a custom 'brew' tap ('yakitrak/yakitrak'). This introduces a supply chain risk as the integrity of this third-party repository and the tool it provides cannot be guaranteed, potentially leading to the installation of malicious software.

100% confidenceline 5

install":[{"id":"brew","kind":"brew","formula":"yakitrak/yakitrak/obsidian-cli"

Potential for Command Injection via obsidian-clihighcommand execution

The skill relies heavily on executing `obsidian-cli` commands. If user-provided input is directly passed as arguments to these commands without proper sanitization, it could lead to command injection, allowing an attacker to execute arbitrary system commands.

100% confidenceline 36

`obsidian-cli set-default "<vault-folder-name>"`, `obsidian-cli search "query"`, `obsidian-cli create "Folder/New note" --content "..."`

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/obsidian.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/steipete/obsidian)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/steipete/obsidian"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/obsidian.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/obsidian.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow