Safety Report

obsidian-notesmd-cli-command

Name: obsidian-notesmd-cli-command
Author: michael-c-matias

@michael-c-matias

Work with Obsidian vaults (plain Markdown notes) and automate via obsidian-cli.

124Downloads

0Installs

0Stars

1Versions

Workflow Automation8,822 Browser Automation5,375 CLI & Shell Tools3,679 Documentation2,718

Security Analysis

medium confidence

Suspicious0.12 risk

The skill's purpose and required binary (obsidian-cli) line up, but there are a few inconsistencies and modest risks (macOS-only config path not declared, third‑party Homebrew tap) that you should review before installing.

Mar 20, 20261 files3 concerns

Purpose & Capabilitynote

The name/description (work with Obsidian vaults via obsidian-cli) matches the declared required binary and the instructions. However, the SKILL.md refers to a macOS-specific config file (~/Library/Application Support/obsidian/obsidian.json) even though the skill metadata does not declare any OS restriction or config paths. This is a minor mismatch in declared requirements vs. runtime guidance.

Instruction Scopenote

Runtime instructions mostly stay on‑task (search, create, move, delete notes using obsidian-cli). They explicitly instruct reading the user-specific config file to find active vaults, which is relevant to the purpose but is an undeclared file read of a user data path. The instructions also assume Obsidian’s URI handler and macOS paths; there is no guidance for Linux/Windows locations.

Install Mechanismnote

The install spec uses Homebrew (brew formula yakitrak/yakitrak/obsidian-cli) which will create the obsidian-cli binary. Using Homebrew is normal, but this is a third‑party tap (yakitrak) rather than the core Homebrew repository: moderate risk if you don't trust that tap. No arbitrary downloads or archives are present.

Credentialsok

The skill declares no environment variables, credentials, or config paths. That is proportionate to its stated purpose (it only needs the obsidian-cli binary). The only runtime data the instructions reference is the user config file (vault locations).

Persistence & Privilegeok

always:false and no install-time scripts or code files are included. This is an instruction-only skill that relies on an external binary; it does not request persistent elevated privileges or modify other skills' configs.

Guidance

This skill appears to be what it claims (an obsidian-cli helper) but review a few things before installing: 1) The SKILL.md reads ~/Library/Application Support/obsidian/obsidian.json (macOS); if you’re on Linux/Windows or expect cross-platform use, confirm path handling. 2) The Homebrew formula is hosted in a third‑party tap (yakitrak); verify the tap and formula source before brew install to avoid installing untrusted binaries. 3) The skill will read your Obsidian config to find vault paths—these are local user files (not secret keys, but they reveal note locations). If you’re uncomfortable, run obsidian-cli manually first to verify behavior, or inspect the brew formula source. If you can provide the brew formula URL or the formula source repo, I can re-evaluate and raise or lower confidence.

Latest Release

v1.0.0

--- name: obsidian description: Work with Obsidian vaults via notesmd-cli metadata: requires: { bins: ["notesmd-cli"] } install: - { id: "brew", formula: "yakitrak/yakitrak/notesmd-cli" } - { id: "manual", label: "Manual install from GitHub releases" } ---

Popular Skills

PDF Text Extractor

@Michael-laffin · 12 stars

File Deduplicator

@Michael-laffin · 6 stars

Price Tracker

@Michael-laffin · 4 stars

Landing Page Generator

@Michael-laffin · 4 stars

Content Recycler

@Michael-laffin · 4 stars

Product Description Generator

@Michael-laffin · 2 stars

Published by @michael-c-matias on ClawHub