← 返回 Skills 市场
429
总下载
1
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install obsidian-cloudflare-pages-skill
功能描述
Publish selected Obsidian markdown from a vault to a static site and deploy to Cloudflare Pages.
安全使用建议
This skill appears to do what it says: sync selected Markdown from an Obsidian vault, build with Quartz, and deploy to Cloudflare Pages. Before running it: 1) Use a dedicated test workspace directory (the tool runs rm -rf on the publish content folder and may clear the workspace during bootstrap). 2) Provide a scoped Cloudflare API token (Pages:Edit and DNS:Edit only if you need DNS automation). 3) Keep secrets out of chat and prefer the skill-local .env (and never commit your .env or config.json with real credentials). 4) Review config/config.json after running the wizard — basic auth credentials may be stored in plaintext there unless you move them to a protected .env. 5) If you're not on macOS, vault auto-detection may not work (the script checks a macOS-specific path). If any of these behaviours are unacceptable (deletion of workspace files or plaintext credentials), do not install or run the skill until you have reviewed/modified the code and configured a safe workspace.
功能分析
Type: OpenClaw Skill
Name: obsidian-cloudflare-pages-skill
Version: 0.1.0
The skill provides legitimate automation for publishing Obsidian notes to Cloudflare Pages, but the implementation in 'bin/publishmd-cf.js' contains significant security vulnerabilities. It uses 'execSync' to execute shell commands (rsync, wrangler) with unsanitized input from the configuration file, creating a high risk of command injection if the config is manipulated. Additionally, the 'ensureBasicAuthMiddleware' function generates a Cloudflare Worker script with hardcoded credentials, and the 'sync' function performs 'rm -rf' on paths derived from user-controlled configuration without adequate validation.
能力评估
Purpose & Capability
Name/description (publish Obsidian/Markdown to Cloudflare Pages) align with the included CLI (bin/publishmd-cf.js), README, and SKILL.md. Required binaries and env vars described in the docs (node, rsync, npm, npx, quartz, wrangler, CLOUDFLARE_API_TOKEN / CLOUDFLARE_ACCOUNT_ID) are exactly what a Cloudflare Pages deployer + static-site builder would need.
Instruction Scope
Instructions and the CLI operate within the publishing workflow (init, wizard, sync, build, deploy). The script intentionally reads an Obsidian config file (~/Library/Application Support/obsidian/obsidian.json) to detect vaults — this is consistent with its purpose but is macOS-specific. The sync step runs destructive commands (rm -rf "<dest>"/* and rsync into the workspace) and the README/SKILL.md explicitly warn that a fallback bootstrap may clear files in the configured workspace. These destructive operations are expected for a sync/deploy tool but mean you should point the skill at a dedicated/test workspace and review config before running.
Install Mechanism
No install spec — instruction-only with a bundled Node CLI. That is the lowest-install-risk category. The script uses child_process.execSync to invoke system binaries (rsync, npx, wrangler), which is expected for a CLI orchestration tool and matches the declared prerequisites.
Credentials
The skill does not require unrelated credentials. It expects Cloudflare API token and account id environment variables (names configurable) — appropriate for deploying to Pages. A caution: the wizard and config store basic-auth username/password and some settings in the skill-local config/config.json (and .env is recommended for tokens). Storing credentials in config.json or leaving .env in an unprotected location would expose secrets; the docs recommend .env and not committing personal config.
Persistence & Privilege
always:false and normal autonomous invocation defaults. The skill writes its own config (config.json), may create middleware at <workspace>/functions/_middleware.js for basic auth, and will modify files under the configured workspace/content directory. It does not request elevated agent-wide privileges or edit other skills' configs. Because it can delete/overwrite workspace content, the user should configure an isolated workspace.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install obsidian-cloudflare-pages-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/obsidian-cloudflare-pages-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
obsidian-cloudflare-pages-skill 0.1.0 – Initial Release
- Publish selected Obsidian or Markdown notes as a static site and deploy to Cloudflare Pages.
- Provides CLI commands for easy configuration, syncing, building (with Quartz), and deploying.
- Safety-focused defaults: allowlist publishing, optional frontmatter gate, and private folder exclusion.
- Supports interactive setup, project initialization, and validation with doctor commands.
- Environment variables or `.env` files supported for secrets and Cloudflare API tokens.
- Includes basic optional authentication and best practices for usage and security.
元数据
常见问题
Obsidian Cloudflare Pages 是什么?
Publish selected Obsidian markdown from a vault to a static site and deploy to Cloudflare Pages. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 429 次。
如何安装 Obsidian Cloudflare Pages?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install obsidian-cloudflare-pages-skill」即可一键安装,无需额外配置。
Obsidian Cloudflare Pages 是免费的吗?
是的,Obsidian Cloudflare Pages 完全免费(开源免费),可自由下载、安装和使用。
Obsidian Cloudflare Pages 支持哪些平台?
Obsidian Cloudflare Pages 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Obsidian Cloudflare Pages?
由 David O.(@davidyoh)开发并维护,当前版本 v0.1.0。
推荐 Skills