← Back to Skills Marketplace
429
Downloads
1
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install obsidian-cloudflare-pages-skill
Description
Publish selected Obsidian markdown from a vault to a static site and deploy to Cloudflare Pages.
Usage Guidance
This skill appears to do what it says: sync selected Markdown from an Obsidian vault, build with Quartz, and deploy to Cloudflare Pages. Before running it: 1) Use a dedicated test workspace directory (the tool runs rm -rf on the publish content folder and may clear the workspace during bootstrap). 2) Provide a scoped Cloudflare API token (Pages:Edit and DNS:Edit only if you need DNS automation). 3) Keep secrets out of chat and prefer the skill-local .env (and never commit your .env or config.json with real credentials). 4) Review config/config.json after running the wizard — basic auth credentials may be stored in plaintext there unless you move them to a protected .env. 5) If you're not on macOS, vault auto-detection may not work (the script checks a macOS-specific path). If any of these behaviours are unacceptable (deletion of workspace files or plaintext credentials), do not install or run the skill until you have reviewed/modified the code and configured a safe workspace.
Capability Analysis
Type: OpenClaw Skill
Name: obsidian-cloudflare-pages-skill
Version: 0.1.0
The skill provides legitimate automation for publishing Obsidian notes to Cloudflare Pages, but the implementation in 'bin/publishmd-cf.js' contains significant security vulnerabilities. It uses 'execSync' to execute shell commands (rsync, wrangler) with unsanitized input from the configuration file, creating a high risk of command injection if the config is manipulated. Additionally, the 'ensureBasicAuthMiddleware' function generates a Cloudflare Worker script with hardcoded credentials, and the 'sync' function performs 'rm -rf' on paths derived from user-controlled configuration without adequate validation.
Capability Assessment
Purpose & Capability
Name/description (publish Obsidian/Markdown to Cloudflare Pages) align with the included CLI (bin/publishmd-cf.js), README, and SKILL.md. Required binaries and env vars described in the docs (node, rsync, npm, npx, quartz, wrangler, CLOUDFLARE_API_TOKEN / CLOUDFLARE_ACCOUNT_ID) are exactly what a Cloudflare Pages deployer + static-site builder would need.
Instruction Scope
Instructions and the CLI operate within the publishing workflow (init, wizard, sync, build, deploy). The script intentionally reads an Obsidian config file (~/Library/Application Support/obsidian/obsidian.json) to detect vaults — this is consistent with its purpose but is macOS-specific. The sync step runs destructive commands (rm -rf "<dest>"/* and rsync into the workspace) and the README/SKILL.md explicitly warn that a fallback bootstrap may clear files in the configured workspace. These destructive operations are expected for a sync/deploy tool but mean you should point the skill at a dedicated/test workspace and review config before running.
Install Mechanism
No install spec — instruction-only with a bundled Node CLI. That is the lowest-install-risk category. The script uses child_process.execSync to invoke system binaries (rsync, npx, wrangler), which is expected for a CLI orchestration tool and matches the declared prerequisites.
Credentials
The skill does not require unrelated credentials. It expects Cloudflare API token and account id environment variables (names configurable) — appropriate for deploying to Pages. A caution: the wizard and config store basic-auth username/password and some settings in the skill-local config/config.json (and .env is recommended for tokens). Storing credentials in config.json or leaving .env in an unprotected location would expose secrets; the docs recommend .env and not committing personal config.
Persistence & Privilege
always:false and normal autonomous invocation defaults. The skill writes its own config (config.json), may create middleware at <workspace>/functions/_middleware.js for basic auth, and will modify files under the configured workspace/content directory. It does not request elevated agent-wide privileges or edit other skills' configs. Because it can delete/overwrite workspace content, the user should configure an isolated workspace.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install obsidian-cloudflare-pages-skill - After installation, invoke the skill by name or use
/obsidian-cloudflare-pages-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
obsidian-cloudflare-pages-skill 0.1.0 – Initial Release
- Publish selected Obsidian or Markdown notes as a static site and deploy to Cloudflare Pages.
- Provides CLI commands for easy configuration, syncing, building (with Quartz), and deploying.
- Safety-focused defaults: allowlist publishing, optional frontmatter gate, and private folder exclusion.
- Supports interactive setup, project initialization, and validation with doctor commands.
- Environment variables or `.env` files supported for secrets and Cloudflare API tokens.
- Includes basic optional authentication and best practices for usage and security.
Metadata
Frequently Asked Questions
What is Obsidian Cloudflare Pages?
Publish selected Obsidian markdown from a vault to a static site and deploy to Cloudflare Pages. It is an AI Agent Skill for Claude Code / OpenClaw, with 429 downloads so far.
How do I install Obsidian Cloudflare Pages?
Run "/install obsidian-cloudflare-pages-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Obsidian Cloudflare Pages free?
Yes, Obsidian Cloudflare Pages is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Obsidian Cloudflare Pages support?
Obsidian Cloudflare Pages is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Obsidian Cloudflare Pages?
It is built and maintained by David O. (@davidyoh); the current version is v0.1.0.
More Skills