Obsidian via notesmd-cli (obsidian-cli)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a legitimate Obsidian notes helper, but it can read, create, move, edit, and delete local vault notes through a third-party CLI.

Install this if you want an agent to work with your Obsidian vault through notesmd-cli. Before using it, verify the Homebrew package source, be careful with delete/move/frontmatter-edit commands, and avoid exposing vaults that contain sensitive notes unless you are comfortable with the agent reading them.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could change or delete local Obsidian notes if the user asks it to perform those actions.

Why it was flagged

The skill documents CLI operations that can rename notes, rewrite links across the vault, and delete notes. These actions fit the Obsidian automation purpose, but they can permanently affect user files.

Skill content

`notesmd-cli move "old/path/note" "new/path/note"` ... `notesmd-cli delete "path/note"`

Recommendation

Confirm destructive or bulk note operations before running them, and consider backing up important vaults.

What this means

Installing the skill requires trusting the external notesmd-cli Homebrew tap.

Why it was flagged

The skill depends on an external Homebrew formula for the CLI. Installing a CLI is central to the skill, but users are trusting that package source.

Skill content

brew | formula: yakitrak/yakitrak/notesmd-cli | creates binaries: notesmd-cli

Recommendation

Review the Homebrew formula or upstream project before installing if you are sensitive to local tool provenance.

What this means

Private note contents may be brought into the agent conversation when searched or opened.

Why it was flagged

The skill is designed to search and expose persistent local note content to the agent. This is expected for an Obsidian helper, but vault notes may contain private information or untrusted text.

Skill content

Obsidian vault = a normal folder on disk. ... `notesmd-cli search-content "query"` (Searches inside notes; shows snippets + lines)

Recommendation

Use the skill only with vaults you are comfortable letting the agent read, and do not treat instructions found inside notes as automatically trustworthy.