Obsidian CLI (kepano)

Security checks across malware telemetry and agentic risk

Overview

This Obsidian helper is coherent and disclosed, but it can read or change private notes and run developer commands, so users should scope its use carefully.

Install only if you trust your local Obsidian CLI. When using it, name the vault and target note/path for reads and writes, review mutations before running them, avoid --copy for sensitive note content, and reserve JavaScript eval/CDP/debugger commands for explicit plugin-development work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Severity: Medium
Confidence: 92%

Finding: The skill description is broadly worded enough to trigger on many user requests involving notes, files, vault operations, or development tasks, which can cause the agent to invoke a powerful local-control skill in situations where a narrower tool would be safer. In this skill's context, that broad activation is more dangerous because the CLI can read and modify vault contents, copy data to the clipboard, and execute JavaScript in the Obsidian app context.

Missing User Warnings

Severity: Low
Confidence: 88%

Finding: The documentation advertises a global '--copy' capability without warning that command output may contain sensitive vault contents, metadata, search results, or debugging information that will be placed on the system clipboard. Clipboard contents are easily pasted into the wrong destination or read by other local software, so missing warning text increases the chance of unintended data exposure.

VirusTotal

65/65 vendors flagged this skill as clean.