Obsidian Plugin Development

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Obsidian plugin development skill with expected setup and vault API examples, not hidden persistence or malware behavior.

Safe to install as a development guide. Before running the example commands, confirm whether you want a public GitHub repository, review the external template and package scripts, and test generated Obsidian plugins in a non-critical vault before enabling them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Session Persistence

Medium

Category: Rogue Agent
Content: --- name: obsidian-plugin description: Create and develop Obsidian plugins from scratch. Use when building a new Obsidian plugin, scaffolding from the sample-plugin-plus template, or developing plugin features. Covers project setup, manifest configuration, TypeScript development, settings UI, commands, ribbons, modals, and Obsidian API patterns. --- # Obsidian Plugin Development
Confidence: 60% confidence
Finding: Create and develop Obsidian plugins from scratch. Use when building a new Obsidian plugin, scaffolding from the sample-plugin-plus template, or developing plugin features. Covers project setup, manife

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal