Obsidian Cloudflare Pages

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but its publishing CLI can delete files in configurable local paths and run unpinned setup/deploy commands, so it should be reviewed before use.

Install only if you are comfortable reviewing and controlling the config. Use a dedicated empty workspace, verify `workspaceDir`, `contentDir`, include/exclude folders, and generated content before running `run`; start with a test Cloudflare Pages project; keep Cloudflare tokens least-privileged and out of chat; do not rely on the optional Basic Auth for highly sensitive notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The setup flow executes package managers and clones remote code from GitHub, which expands the skill from a local publish helper into a remote code bootstrapper. This is dangerous because it implicitly trusts third-party network content and install scripts, increasing supply-chain and unexpected code execution risk on the user's machine.

Missing User Warnings

Medium
Confidence: 97%
Finding
The wizard collects basic-auth credentials and stores them in plaintext in config, then writes them into generated middleware source. This exposes secrets to local file disclosure, accidental commits, backups, and other users on the system, weakening the protection intended by the basic-auth feature.

Missing User Warnings

Medium
Confidence: 94%
Finding
The sync step unconditionally runs a destructive `rm -rf` against the destination content directory before repopulating it. If configuration is wrong or manipulated, this can erase unintended files in the workspace and cause data loss without any confirmation or dry-run safeguard.

Missing User Warnings

High
Confidence: 98%
Finding
The fallback bootstrap path deletes the contents of the configured workspace directory with `rm -rf` if setup fails and the directory is non-empty. A misconfigured or attacker-influenced workspace path could therefore cause destructive loss of arbitrary local project files, making this materially risky.

VirusTotal

66/66 vendors flagged this skill as clean.
