ClawHub

Obsidian Official Cli 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Obsidian CLI helper, but it gives an agent broad power to change or delete vault data and alter Obsidian plugins without enough safety boundaries.

Install only if you are comfortable letting an agent operate your Obsidian vault and configuration. Use it with explicit vault and file paths, require previews before changes, avoid silent overwrite and permanent delete unless directly requested, and approve plugin/theme installs, restore operations, screenshots, or eval commands only when you trust the source and understand the effect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The changelog explicitly advertises auto-triggering based on Obsidian-related queries, which suggests the skill may activate on broad user prompts rather than only on explicit invocation. In a skill that can perform file operations, plugin/theme management, sync, and other CLI actions, unintended invocation increases the risk of the agent selecting this capability inappropriately and exposing or modifying vault contents without sufficiently clear user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description is extremely broad and is likely to trigger on many ordinary Obsidian-related requests, including high-risk file, plugin, sync, and developer actions. Overbroad routing can cause an agent to invoke a powerful skill in contexts where the user did not explicitly request destructive or system-impacting operations, increasing the chance of unsafe actions.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This section documents create, append, prepend, move, delete, and overwrite operations, including permanent deletion, without any safety warnings, confirmation requirements, or backup guidance. In an agent setting, such examples normalize irreversible modifications and can lead to accidental data loss if the skill is followed automatically or too eagerly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This section includes plugin installation/removal, theme changes, sync/history restore, and especially `obsidian eval code=...` without warning about system, integrity, or code-execution risks. These actions can alter the user's environment, revert data, or run arbitrary code in the Obsidian context, making the skill materially more dangerous than simple note management.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal