Obsidian 1 0 0.Local.Backup

Security checks across malware telemetry and agentic risk

Overview

This Obsidian helper is purpose-aligned, but it can read, change, and delete local notes, so users should confirm vaults and targets before running mutation commands.

Install only if you trust the obsidian-cli Homebrew source and want an agent to help manage Obsidian notes. Before move or delete operations, explicitly verify the active vault and exact note path, prefer backups or version control for important vaults, and avoid searching sensitive notes unless the task requires it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly documents a destructive delete operation without any warning about permanence, confirmation, backups, or safer alternatives. In an agent setting, this increases the chance that an automated workflow or user will invoke note deletion on the wrong vault or path, causing unintended data loss across personal or work knowledge bases.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal