Obsidian

OpenClaw 分析

The skill's instructions are plausible for automating Obsidian via obsidian-cli, but there are several inconsistencies and privacy-relevant actions (reading a user config file) that aren't declared or explained.

置信度: medium

VirusTotal

Type: OpenClaw Skill Name: obsidian Version: 1.0.0 The skill is classified as suspicious due to its reliance on installing a third-party command-line tool (`obsidian-cli`) from a custom Homebrew tap (`yakitrak/yakitrak`) as specified in `SKILL.md`. This introduces a supply chain risk, as the integrity of the `obsidian-cli` tool depends on the `yakitrak` maintainer. Additionally, `SKILL.md` explicitly instructs the AI agent to read a local configuration file (`~/Library/Application Support/obsidian/obsidian.json`), which, while necessary for the stated purpose, represents a direct instruction for file system access, a high-risk capability. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence.