Shell command execution detected (child_process).
Critical
- Code
- suspicious.dangerous_exec
- Location
- scripts/build.mjs:13
- Evidence
const child = spawn(
Security audit
Security checks across malware telemetry and agentic risk
This appears to be a local Obsidian-vault knowledge-base runtime, and its requested access matches that purpose.
This skill appears internally coherent: it is meant to let an agent manage a local Markdown knowledge base, so access to your chosen vault directory is expected. Install it only if you are comfortable with the agent reading raw files in that vault and writing generated notes/indexes/state there. If you use the generated MCP setup commands, consider pinning the npm package version instead of using @latest.
VirusTotal engine telemetry is currently stale for this artifact.
Detected: suspicious.dangerous_exec
const child = spawn(