ClawHub

Awesome Obsidian

Security checks across malware telemetry and agentic risk

Overview

This Obsidian organization skill is coherent, but users should be careful because its optional Git sync examples can upload an entire note vault.

Install this only if you want a Chinese-language Obsidian/PARA workflow. Before syncing, verify the vault path, run git status or review changes, use a private repository and least-privilege token, add .gitignore rules for sensitive notes or attachments, and avoid the suggested unattended cron sync unless you are comfortable with automatic full-vault uploads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest description includes very broad trigger phrases such as “Obsidian”, “笔记整理”, “库整理”, and “知识管理”, which can cause the skill to activate in many ordinary note-taking contexts beyond its intended scope. Over-broad activation increases the chance the skill will intercept unrelated user requests, apply unintended workflows, or expose users to commands and guidance they did not explicitly request.

Natural-Language Policy Violations

Low
Confidence
73% confidence
Finding
The naming convention section states “中文笔记(优先)”, which imposes a language preference without explicit user opt-in. While not directly a security exploit, this can lead the agent to transform or bias user content in ways the user did not request, especially in a note-management skill that may rename files or restructure a vault automatically.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes a broad natural-language phrase, "添加到今天的笔记", which can plausibly appear in ordinary conversation and cause unintended skill activation. In an agent setting, accidental invocation can lead to unexpected file edits or workflow actions, especially because this skill chains into note updates and Git operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The recommended cron job automatically runs git pull/add/commit/push on the entire vault every two hours without warning users that private notes may be uploaded to remote repositories. In a personal knowledge-management context, vault contents commonly include sensitive personal, work, or credential-adjacent information, so silent synchronization materially increases privacy and data-exposure risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal