Back to plugin

Security audit

LLM Wiki Karpathy

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Obsidian-vault knowledge-base runtime, and its file access fits that purpose.

This looks internally coherent. If you install it, expect it to read raw files and write wiki/state files inside the vault root you configure. Be careful not to point vaultRoot at a broader directory than intended. If you use its generated MCP/npx setup commands, consider pinning the npm package version instead of using @latest if you want reproducible behavior.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
scripts/build.mjs:13
Evidence
const child = spawn(