Obsidian Remote

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Obsidian remote-control helper, but it gives an agent very powerful access to private notes and app internals without enough safety boundaries.

Install only if you intentionally want an agent to control a live Obsidian vault. Use a test or backed-up vault first, avoid dev-tool/eval/CDP commands unless explicitly needed, and require manual confirmation before delete, permanent delete, publish, restore, plugin, theme, snippet, or bulk-search actions, especially on vaults containing credentials or private material.

SkillSpector

By NVIDIA

Vulnerability Patterns

Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill documents broad remote-control capabilities over a live Obsidian desktop instance, including deleting files, restoring prior versions, publishing content, managing plugins, taking screenshots, querying the DOM, and executing arbitrary JavaScript via `obsidian eval` and CDP methods. Presenting these powerful operations without explicit safety boundaries, confirmation requirements, or cautions materially increases the risk of accidental destructive actions, privacy exposure, and abuse if an agent follows user prompts too literally.

VirusTotal

No VirusTotal findings

View on VirusTotal