ClawHub

obsidian-wiki

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local Obsidian-style wiki maintainer, but it can automatically process files, write persistent notes, run on a schedule, and install Python packages.

Install only if you want an autonomous local wiki maintainer. Use a dedicated ~/Obsidian Wiki folder, place only intended files in raw, review cron scheduling before enabling it, keep backups, and approve any Python or pip installation in an isolated environment when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly advertises automatic installation of Python packages as part of routine document conversion, which exceeds the expected scope of a wiki-building skill and introduces system-modifying behavior. Even if intended for convenience, package installation can change the host environment, pull untrusted code from package indexes, and create persistence or compatibility risks in unattended runs.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The FileConverter instructions include installing Python via brew/apt and using pip automatically, including guidance that invokes privileged package-manager operations. This is dangerous because a content-processing skill should not escalate into host-level software provisioning, especially in scheduled autonomous mode where it may perform environment changes without meaningful review.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill describes automatic vault initialization and ongoing file operations but does not present a prominent warning that it will create directories, rename files, move sources, and write wiki content. Users may trigger it expecting analysis only, while the skill performs irreversible organizational changes on their data.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The metadata advertises automatic dependency installation without an explicit user-facing warning that the skill may alter the host system. Silent environment modification is risky because it changes trust boundaries from document processing to software installation and may surprise users running the skill in sensitive environments.

Missing User Warnings

High
Confidence
97% confidence
Finding
The scheduled auto-maintenance mode is explicitly designed to run with no user input or confirmation while organizing files, ingesting content, creating pages, and fixing issues. That combination of unattended execution and broad write access makes accidental data modification, privacy leakage, and hard-to-audit changes substantially more likely.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The agent is explicitly instructed to read, create, update, and write files, including creating parent directories, but there is no requirement for user confirmation, path restriction, or warning before modifying the filesystem. In an agent setting, this can lead to unintended or overbroad file writes if upstream inputs are wrong, manipulated, or point outside the intended wiki workspace.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill instructs extraction and persistence of all entities and concepts, including uncertain ones, from arbitrary source material into durable wiki pages and logs. Without sensitivity filtering or consent boundaries, this can capture personal, confidential, or regulated information from documents and spread it across more files, increasing exposure and retention risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal