← 返回 Skills 市场
nubaby-obsidian
作者
arthurlin1979
· GitHub ↗
· v1.0.2
· MIT-0
78
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install nubaby-obsidian
功能描述
Arthur-OS / OB (Obsidian) governance skill for deciding where notes, reports, project docs, server docs, OpenClaw docs, AIout outputs, Library references, Pr...
安全使用建议
This skill is broadly coherent with an Obsidian/Arthur-OS governance role, but stop and check before installing or running it:
- Expect to need obsidian-cli (and likely ripgrep 'rg') available on the machine; the skill metadata failed to declare these dependencies. Install them or confirm availability first.
- The repository contains hard-coded bearer tokens in READONLY_GATEWAY_BOUNDARIES.md. Treat those as potential secrets — verify whether they are real, revoke them if they are, or remove/replace them with clearly labeled examples before using the skill.
- Review the scripts (scripts/ob_search.sh) before executing; it runs obsidian-cli and rg against your vault and will read local files. Running locally is expected for this skill, but validate the commands and paths.
- The skill emphasizes read-only behavior; keep to read/search actions unless you explicitly intend to perform edits and are sure of vault path and link-refactor implications.
If you want to proceed safely: request the skill author/source, ask them to (1) list required binaries in metadata (obsidian-cli, rg), (2) remove or redact any real tokens from files, and (3) confirm that any included tokens are only examples. If you cannot verify those, treat the skill as suspicious and avoid running its scripts or exposing your Obsidian vault to the described gateway endpoints.
功能分析
Type: OpenClaw Skill
Name: nubaby-obsidian
Version: 1.0.2
The skill bundle contains hardcoded authentication tokens and internal network IP addresses (e.g., 10.0.1.10:27133) within the file READONLY_GATEWAY_BOUNDARIES.md. While these appear to be configuration settings for a specific environment ('Arthur-OS'), hardcoding credentials and exposing internal network topology in a skill bundle is a significant security risk. The scripts/ob_search.sh file relies on external binaries like obsidian-cli and ripgrep to perform filesystem searches, which is consistent with the stated purpose but increases the attack surface if inputs are not properly handled by the underlying CLI tools.
能力标签
能力评估
Purpose & Capability
The skill claims to be an Arthur-OS / Obsidian governance helper and its docs and script match that purpose. However, the package metadata declares no required binaries or credentials while the SKILL.md and the helper script implicitly require 'obsidian-cli' (and the script's 'skill' mode uses 'rg' / ripgrep). That mismatch (declaring none but depending on them at runtime) is incoherent and will cause runtime failures or unexpected behavior if those tools are absent.
Instruction Scope
The SKILL.md stays within Obsidian governance scope (where to put notes, how to search, rules for moving/editing), and repeatedly emphasizes read-only and safe boundaries. However the references include explicit network gateway hosts/ports and two hard-coded bearer tokens (gateway bearer and plugin/apiKey) in READONLY_GATEWAY_BOUNDARIES.md. Embedding real-looking tokens in the skill's files is a risky artifact: it's not necessary for the governance instructions and could be misused if they are valid. The instructions also reference reading obsidian.json and the vault filesystem which is appropriate for the purpose but means the agent/script will access local user files — expected, but worth highlighting.
Install Mechanism
No install spec is provided (instruction-only), which is low-risk. The only code file is a small shell script (ob_search.sh) that will be run locally. This is proportional to the skill's purpose. Still, because there is no install step, the skill assumes existing system tooling (obsidian-cli, ripgrep), and that assumption is not declared in the registry metadata.
Credentials
The skill declares no required env vars or credentials, which is reasonable for a governance/help skill. However, the included reference file contains two explicit bearer tokens and guidance about token boundaries. Having these tokens in repository text is disproportionate and potentially dangerous: either they are sensitive secrets accidentally included, or they are placeholders (in which case they should be clearly marked as examples). Either scenario is concerning and should be resolved prior to use. No other unrelated credentials are requested.
Persistence & Privilege
The skill is not marked always:true, does not request persistent privileges, and does not include an install routine that modifies other skills or global agent settings. Autonomous invocation is allowed by default (normal), but nothing here grants elevated or persistent system-level privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nubaby-obsidian - 安装完成后,直接呼叫该 Skill 的名称或使用
/nubaby-obsidian触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Refine nubaby-obsidian docs: faster entry routing, clearer search/path/gateway separation, quick index, and explicit reference responsibility boundaries.
v1.0.1
Clarify OB gateway anti-misdiagnosis checks for remote nodes (27133 host/token/health endpoint rules).
元数据
常见问题
nubaby-obsidian 是什么?
Arthur-OS / OB (Obsidian) governance skill for deciding where notes, reports, project docs, server docs, OpenClaw docs, AIout outputs, Library references, Pr... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 78 次。
如何安装 nubaby-obsidian?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nubaby-obsidian」即可一键安装,无需额外配置。
nubaby-obsidian 是免费的吗?
是的,nubaby-obsidian 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
nubaby-obsidian 支持哪些平台?
nubaby-obsidian 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 nubaby-obsidian?
由 arthurlin1979(@arthurlin1979)开发并维护,当前版本 v1.0.2。
推荐 Skills