Obsidian Daily Note

Security checks across malware telemetry and agentic risk

Overview

This is a simple Obsidian daily-note helper that creates local Markdown notes, with the main caution that it can persist session details into a vault.

Install if you want an agent to draft Obsidian daily notes. Configure the daily-note folder carefully, review the generated filename and content before saving, and be cautious about recording sensitive work details in a vault that syncs to cloud services.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The trigger description is broad enough to activate on generic note-taking or activity-logging requests, not just explicit Obsidian daily-note tasks. This can cause the agent to invoke the skill in unintended contexts and write files when the user did not clearly request vault modification.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The workflow explicitly instructs the agent to write a file but does not require informing the user or obtaining consent before modifying the vault. This creates a risk of silent filesystem changes, especially when paired with broad invocation criteria.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal