nubaby-obsidian
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly a coherent Obsidian note-management helper, but it exposes fixed vault access tokens and private network details while also documenting note mutation and deletion workflows.
Install only after removing and rotating the exposed Obsidian gateway/plugin credentials. Use user-supplied scoped credentials outside the skill text, keep remote access read-only and LAN-limited, declare required local tools, and require explicit confirmation before any create, move, rename, direct edit, or delete action.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.