Obsidian Helper

Security checks across malware telemetry and agentic risk

Overview

This Obsidian helper is purpose-aligned but needs review because it advertises private-note editing and deletion while the actual helper command is missing and the installer makes persistent shell changes.

Review this version before installing. It appears non-malicious, but the package is incomplete and tries to install a missing helper command; a corrected version should include the actual script, require explicit confirmation before deleting notes, document backup or trash behavior, and ask before changing `~/.bashrc`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
79% confidence
Finding
The skill clearly instructs users to run shell commands and install a script into ~/bin, but the metadata declares only required binaries and environment variables, not the effective shell capability or any permission model. This mismatch can cause the skill to be invoked without users or the platform fully understanding that it performs command-line actions affecting local files.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger description includes broad language such as 'any Obsidian vault operations,' which can match many routine note-related requests and cause unintended invocation. Over-broad triggering increases the chance that a destructive or state-changing skill runs in contexts where the user did not specifically ask for it.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation advertises a delete/rm capability for notes without any warning, confirmation requirement, recycle-bin behavior, or recovery guidance. In the context of a note-management skill operating on a user's local vault, this makes accidental data loss materially more likely.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script appends to ~/.bashrc without asking the user first, creating persistent changes to the shell environment. While the specific change is not a payload, silent persistence-oriented modification reduces user control and can normalize unsafe installer behavior.

Session Persistence

Medium
Category
Rogue Agent
Content
echo "=== Obsidian Helper 安装 ==="

# Create the bin directory
mkdir -p ~/bin

# Copy the script
cp "$SCRIPT_DIR/scripts/obsidian" ~/bin/obsidian
Confidence
76% confidence
Finding
mkdir -p ~/bin
# Copy the script
cp "$SCRIPT_DIR/scripts/obsidian" ~/bin/obsidian
chmod +x ~/bin/obsidian
# Add to PATH
if ! grep -q 'export PATH="$HOME/bin:$PATH"' ~/.bashrc 2>/dev/null; then
    echo 'export PA

VirusTotal

66/66 vendors flagged this skill as clean.
