memory-keep-alive-for-obsidian Security Report — Low Risk | ClawSafe

20 /100

memory-keep-alive-for-obsidian

Automatic task memory and keep-alive loop for Obsidian-backed agents. Every task gets persistent notes. Arm the loop for long tasks, disarm when done.

The skill is a task-memory and keep-alive loop for Obsidian vaults. Shell access is used for cron job management (legitimate and documented), filesystem scope is constrained to the vault directory, and no sensitive data access, network exfiltration, or obfuscation was found. The `rm -rf ~` reference is uninstall documentation only, not live code.

Skill Namememory-keep-alive-for-obsidian

Duration47.0s

Enginepi

✓

Safe to install

No immediate action required. Consider narrowing the install script's filesystem scope to avoid broad `rm -rf` documentation in user-facing guides.

Findings 3 items

Severity	Finding	Location
Low	Shell usage in install script not declared in SKILL.md install.sh uses `grep` and direct file writes to jobs.json when the OpenClaw CLI is unavailable. SKILL.md only describes the skill behavior and does not document the installation mechanism or shell-level operations. This is a minor documentation gap — the shell usage is for legitimate cron job setup and has no direct security impact on the running skill. `if openclaw cron list 2>/dev/null \| grep -q "$name"; then` → Document that the install script may invoke shell commands (grep, openclaw CLI) for cron job registration. Alternatively, move install.sh out of the skill directory or mark it as a separate deployment artifact.	`install.sh:61`
Low	Broad `rm -rf` in uninstall documentation INSTALL.md line 108 documents `rm -rf ~/.openclaw/skills/memory-keep-alive-for-obsidian` as the uninstall step. This is documentation text, not executable code, but the pattern is potentially dangerous if a user misreads or miscopies it. The `rm -rf ~` IOC in the pre-scan appears to be a false positive generated from this documentation line rather than actual malicious code. `rm -rf ~/.openclaw/skills/memory-keep-alive-for-obsidian` → Consider using a safer uninstall pattern in documentation (e.g., `rm -r "$HOME/.openclaw/skills/memory-keep-alive-for-obsidian"`) or explicitly disclaim the danger of copy-pasting this command.	`INSTALL.md:108`
Low	Inline Python for jobs.json modification install.sh uses a Python heredoc to read and modify jobs.json when the OpenClaw CLI is unavailable. This touches a shared OpenClaw config file and could theoretically conflict with concurrent modifications. The Python code uses secrets.token_hex(6) for job IDs which is cryptographically reasonable. `python3 - "$JOBS_FILE" "$NOW" <<'PYEOF'` → Add file locking or atomic write behavior to the jobs.json modification. Use `json.load`/`json.dump` with an atomic rename for safe concurrent writes.	`install.sh:149`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ+WRITE`	`READ+WRITE`	✓ Aligned	SKILL.md: 'Task Memory' section declares filesystem writes to <vault>/Tasks/
Shell	`NONE`	`WRITE`	✓ Aligned	install.sh:61 — openclaw cron list \| grep -q; install.sh:149-161 — writes jobs.j…
Network	`NONE`	`NONE`	—	No network calls found in any file
Environment	`NONE`	`NONE`	—	Only reads OPENCLAW_DIR and VAULT_PATH environment variables, no credential harv…
Skill Invoke	`NONE`	`NONE`	—	Cron jobs reference 'memory-keep-alive-for-obsidian' as skill name only
Clipboard	`NONE`	`NONE`	—	No clipboard access found
Browser	`NONE`	`NONE`	—	No browser access found
Database	`NONE`	`NONE`	—	No database access found

1 Critical 1 findings

💀

Critical Dangerous Command 危险 Shell 命令

rm -rf ~

INSTALL.md:108

File Tree

12 files · 31.1 KB · 862 lines

Markdown 11f · 651L Shell 1f · 211L

├─ ▾ 📁 examples

│ └─ 📝 WORKFLOW-INDEX.md Markdown 17L · 280 B

├─ ▾ 📁 prompts

│ ├─ 📝 escalator-prompt.md Markdown 42L · 2.1 KB

│ ├─ 📝 replayer-prompt.md Markdown 39L · 1.9 KB

│ ├─ 📝 smoke-test-prompt.md Markdown 32L · 1.5 KB

│ ├─ 📝 validator-prompt.md Markdown 23L · 1.5 KB

│ └─ 📝 watchdog-prompt.md Markdown 75L · 2.8 KB

├─ ▾ 📁 templates

│ ├─ 📝 LOOP-STATE.md Markdown 10L · 248 B

│ └─ 📝 TEMPLATE.md Markdown 58L · 1.2 KB

├─ 📝 INSTALL.md Markdown 117L · 4.8 KB

├─ 🔧 install.sh Shell 211L · 6.4 KB

├─ 📝 README.md Markdown 100L · 3.4 KB

└─ 📝 SKILL.md Markdown 138L · 5.0 KB

Security Positives

✓ No credential harvesting or environment variable enumeration found

✓ No network requests, no external IP communication, no data exfiltration

✓ No base64, eval, or obfuscated code detected

✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive paths

✓ No curl|bash or wget|sh remote script execution patterns

✓ All file operations are scoped to the user-provided vault path and OpenClaw config directory

✓ Vault scope is explicitly enforced in all prompt files (watchdog, replayer, escalator, validator)

✓ Cron job prompts all include a loop gate that stops execution when the loop is disarmed

✓ No reverse shell, C2, or data theft indicators found

✓ Skill behavior is well-documented in SKILL.md and README.md with no hidden capabilities

Scan Report

Findings 3 items

File Tree

Security Positives