Obsidian Karpathy Wiki

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Obsidian vault maintenance skill that can reorganize and update notes, but its behavior is disclosed and aligned with its purpose.

Install this only for an Obsidian vault where you want agent-assisted maintenance. Use a backup or version-controlled vault, restrict the agent to that vault directory, and require a preview before bulk moves, rewrites, heartbeat maintenance, or saving sensitive query outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding
The skill description is very broad and can activate for many ordinary note-taking, querying, maintenance, or handoff tasks. Overly broad routing increases the chance an agent will invoke this skill in contexts where persistent file modification is unnecessary, which can lead to unintended vault changes and over-collection or restructuring of user data.

Missing User Warnings

Medium
Confidence: 95%
Finding
This instruction set tells the agent to move loose notes, create or update source pages, update index files, and append logs, but it does not require explicit user confirmation before modifying vault contents. In a knowledge-base context, these operations are expected, but without a warning/consent boundary they can still cause unwanted file moves, destructive reorganization, or trust-eroding silent edits.

Missing User Warnings

Low
Confidence: 91%
Finding
The skill directs the agent to save reusable answers into `wiki/outputs/` and append operational records to `wiki/log.md` without clearly disclosing that generated content will be persisted in the user's vault. While lower risk than moving files, silent persistence can create privacy, clutter, and provenance issues if users believe the response is ephemeral.
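One way to put the Overview's guidance into practice against the second and third findings: confine every path the agent touches to the vault directory, build a plan of moves and writes, show it for review, and only then apply it, with saved answers in `wiki/outputs/` carrying a header that discloses they were agent-generated. This is an added example written for this page, not code from the skill, its author, or NVIDIA's scanner; the `VaultPlan`/`Op` names, the provenance header format, and the throwaway vault that `run_demo()` constructs are assumptions.

```python
"""Guarded vault maintenance: confine paths to the vault root, preview the plan,
apply only with explicit confirmation. Added example; names and header format
are hypothetical, not taken from the skill."""
from __future__ import annotations

import tempfile
from dataclasses import dataclass, field
from datetime import datetime, timezone
from pathlib import Path


class VaultEscape(Exception):
    """A requested path resolved outside the vault root."""


@dataclass
class Op:
    kind: str                # "move", "write" or "append"
    dst: Path
    src: Path | None = None
    content: str = ""


@dataclass
class VaultPlan:
    root: Path
    ops: list[Op] = field(default_factory=list)

    def __post_init__(self) -> None:
        # Canonicalise the root once so containment is checked against the real
        # directory, not a symlink alias of it.
        self.root = Path(self.root).resolve()

    def _inside(self, rel: str) -> Path:
        # Resolve symlinks and ".." *before* the containment check: a string prefix
        # test on the raw path is bypassed by "inbox/../../x" or a planted symlink.
        p = (self.root / rel).resolve()
        if p != self.root and self.root not in p.parents:
            raise VaultEscape(f"{rel!r} resolves outside the vault: {p}")
        return p

    # Planning: nothing below touches disk.
    def move(self, src: str, dst: str) -> None:
        self.ops.append(Op("move", self._inside(dst), src=self._inside(src)))

    def write_output(self, name: str, body: str) -> None:
        # Provenance header (format assumed) so a reader can tell an agent-written
        # page in wiki/outputs/ from a hand-written note.
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        header = f"---\ngenerated_by: vault-maintenance-agent\ngenerated_at: {stamp}\n---\n"
        self.ops.append(Op("write", self._inside(f"wiki/outputs/{name}"), content=header + body))

    def append_log(self, line: str) -> None:
        self.ops.append(Op("append", self._inside("wiki/log.md"), content=line.rstrip("\n") + "\n"))

    def preview(self) -> list[str]:
        """Human-readable plan that the user reviews before apply()."""
        lines = []
        for op in self.ops:
            d = op.dst.relative_to(self.root).as_posix()
            if op.kind == "move":
                lines.append(f"MOVE   {op.src.relative_to(self.root).as_posix()} -> {d}")
            else:
                lines.append(f"{op.kind.upper():6} {d} ({len(op.content)} chars)")
        return lines

    # Execution: refuses to run without explicit consent, never overwrites on move.
    def apply(self, confirmed: bool) -> int:
        if not confirmed:
            raise PermissionError("plan not confirmed; nothing written")
        for op in self.ops:
            op.dst.parent.mkdir(parents=True, exist_ok=True)
            if op.kind == "move":
                if op.dst.exists():
                    raise FileExistsError(f"refusing to overwrite {op.dst}")
                op.src.rename(op.dst)
            elif op.kind == "write":
                op.dst.write_text(op.content, encoding="utf-8")
            else:
                with op.dst.open("a", encoding="utf-8") as fh:
                    fh.write(op.content)
        return len(self.ops)


def run_demo() -> dict:
    """Exercise the guard on a constructed throwaway vault; returns what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "vault"
        (root / "inbox").mkdir(parents=True)
        (root / "inbox" / "loose.md").write_text("# loose note\n", encoding="utf-8")
        (root / "wiki").mkdir()

        plan = VaultPlan(root)
        plan.move("inbox/loose.md", "wiki/sources/loose.md")
        plan.write_output("answer.md", "Reusable answer body.\n")
        plan.append_log("moved inbox/loose.md -> wiki/sources/loose.md")

        escaped = False
        try:                                   # traversal attempt must be rejected
            plan.move("inbox/../../outside.md", "wiki/x.md")
        except VaultEscape:
            escaped = True
        unconfirmed = False
        try:                                   # apply without consent must fail
            plan.apply(confirmed=False)
        except PermissionError:
            unconfirmed = True

        preview = plan.preview()
        applied = plan.apply(confirmed=True)
        out = (root / "wiki" / "outputs" / "answer.md").read_text(encoding="utf-8")
        return {
            "preview": preview,
            "escape_rejected": escaped,
            "unconfirmed_rejected": unconfirmed,
            "applied": applied,
            "moved": (root / "wiki" / "sources" / "loose.md").exists()
                     and not (root / "inbox" / "loose.md").exists(),
            "output_has_header": out.startswith("---\ngenerated_by:"),
            "log": (root / "wiki" / "log.md").read_text(encoding="utf-8"),
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The containment check resolves the path first and then tests ancestry, because a prefix comparison on the unresolved string is exactly what `..` segments and symlinks defeat; the move step also refuses to overwrite an existing destination, so a bad plan cannot silently clobber a note.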

VirusTotal

66/66 vendors flagged this skill as clean.