Security audit

Obsidian

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Obsidian note helper with disclosed local note operations, including deletion that users should handle carefully.

Install this only if you want an agent to help manage your Obsidian vault. Review any move, edit, or delete command before it runs, especially when multiple vaults are configured, and keep backups or version control for important notes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The skill explicitly documents a note deletion command without any caution, confirmation guidance, or backup recommendation. In a filesystem-backed note vault, this can lead an agent or user to irreversibly remove data from the wrong vault or path, especially because the skill also discusses multiple vaults and default-vault resolution.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.