Obsidian笔记助手 (Obsidian Note Assistant)

Security checks across malware telemetry and agentic risk

Overview

This Obsidian helper is a straightforward note-management skill that clearly centers on local Markdown vault reads and writes, with no hidden installer, networking, credential use, or persistence.

Install only if you are comfortable letting the agent read and modify your Obsidian vault. Before using write actions, confirm the vault path and target filenames, preview generated content, and keep normal backups for important notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium, 91% confidence
Finding
The activation phrases ("Obsidian / 笔记 / 知识库 / 双向链接") are broad enough that ordinary conversation about notes or knowledge bases could unintentionally trigger the skill. Because the skill includes file-reading and file-writing behaviors against a local vault, accidental activation can lead to unintended modification or disclosure of note contents.

Missing User Warnings

Medium, 95% confidence
Finding
The skill explicitly performs direct writes to Markdown files in the Obsidian vault but does not present an explicit warning or consent step about modifying user data. In this context, silent write capability is risky because a user may invoke the skill expecting read-only assistance while the skill creates or overwrites notes in a personal knowledge base.

VirusTotal

66/66 vendors flagged this skill as clean.
