obsidian-llm-wiki

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned for managing an Obsidian knowledge base, but it understates that it can run commands and overwrite local vault files.

Use this only with a new or backed-up Obsidian vault. Review scripts/init-wiki.sh before running it, avoid pointing it at an existing curated vault unless you accept overwrites, and expect supplied URLs or local files to be processed by external tools and persisted as Markdown notes.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The Security section materially understates the skill's behavior. Elsewhere the document instructs fetching remote content via external tools and storing state outside the vault (for example `~/.llm-wiki-vault`), so users may grant trust or approval under false assumptions about data flow and execution boundaries. This is dangerous because inaccurate security claims can cause users to expose local files, network metadata, or remote content to tooling they did not realize would run.

Intent-Code Divergence

High
Confidence: 99%
Finding
The documentation claims there is 'no external code execution', but the workflows explicitly direct execution of shell scripts and multiple external commands (`init-wiki.sh`, `obsidian`, `bun`, `uv`, and other extractors). That mismatch can mislead users and downstream agents into treating the skill as low-risk when it actually has command-execution capability, increasing the chance of unintended local changes, data exposure, or command abuse through unsafe inputs passed to tools.

Missing User Warnings

Medium
Confidence: 80%
Finding
The skill is designed to create, overwrite, append, and replace content in a user's Obsidian vault, but the early description emphasizes convenience and management benefits more than the risk of destructive modification. In a knowledge-base context, silent or poorly signposted overwrites are meaningful because users may lose curated notes, templates, or index structure if the agent applies automated updates unexpectedly.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script unconditionally overwrites README.md, index.md, and log.md in the user-supplied vault path using shell redirection, which can destroy existing content without confirmation or backup. In the context of a knowledge-base management skill, users are especially likely to point the script at an existing Obsidian vault, making unintended data loss a realistic risk.

VirusTotal

63/63 vendors flagged this skill as clean.
