Back to skill

Security audit

Obsidian Tasknotes

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it lets an agent manage Obsidian TaskNotes through a local API, with normal caution needed for deletes and API tokens.

Install this only if you want Codex to manage your Obsidian TaskNotes. Enable an API token, keep the .env file private, keep the TaskNotes API bound to localhost, and ask for explicit confirmation before deletes or broad updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly depends on environment variables and a local HTTP API, but it does not declare corresponding permissions or trust boundaries. Missing permission disclosure can cause an agent or user to invoke a skill with network and secret access without understanding that it may read credentials and interact with local services.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad enough to match ordinary task-related requests, which increases the chance the skill is invoked automatically in situations where the user did not intend interaction with a local Obsidian API. Because the skill can create, update, and delete tasks, overbroad activation expands the risk of unintended modification of local notes.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation advertises deletion of task files without warning that this is destructive and may permanently remove Markdown notes from the vault. In a note-management context, users may assume reversible task-state changes rather than file deletion, making accidental data loss more likely.

VirusTotal

46/46 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.