Back to plugin

Security audit

LLM Knowledge Bases

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local Obsidian-vault knowledge-base runtime, and its requested access matches that purpose.

This skill appears internally coherent: it is meant to let an agent manage a local Markdown knowledge base, so access to your chosen vault directory is expected. Install it only if you are comfortable with the agent reading raw files in that vault and writing generated notes/indexes/state there. If you use the generated MCP setup commands, consider pinning the npm package version instead of using @latest.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/build.mjs:13
Evidence
const child = spawn(