Obsidian Task

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Obsidian task helper whose note-editing behavior is expected for managing tasks, though users should treat write commands as real vault edits.

Install this only if you want an agent to operate on tasks in your Obsidian vault. Ask for a preview or confirmation before running toggle, done, todo, or append actions, especially on important notes or bulk task lists.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill documents commands that toggle, complete, and append tasks in the user's Obsidian vault but does not clearly warn that these operations modify note contents. In an agent setting, that omission can lead users to invoke destructive or unintended state-changing commands under the assumption they are read-only, causing accidental note edits or task corruption.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal