Cli Obsidian

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, which is to help an agent work with Obsidian notes, but users should scope it carefully because notes may be private or mutable.

Install only if you want an agent to interact with your Obsidian notes. Use a specific vault or test folder, keep backups, and require confirmation before bulk edits or deletes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly promotes AI agents directly creating, searching, and managing Obsidian notes, but it provides no warning that these operations can modify or delete user data or act on the wrong vault if misconfigured. In an agent-integrated tool, this omission increases the chance of unintended data modification because users may grant automation broad access without understanding the risks.

VirusTotal

66/66 vendors flagged this skill as clean.
