Back to skill

Security audit

Obsidian Vault Cleaner

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple Markdown instruction for cleaning an Obsidian vault, with disclosed read-only analysis and optional note edits, but users should scope and review any changes.

Install only if you want an agent to inspect your Obsidian or Markdown notes. Start with read-only reports, specify the folders or notes to scan, keep a backup, and require a preview or diff before allowing automatic link insertion or rewriting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The usage examples are open-ended natural-language requests that can trigger broad scanning and modification behavior without explicit scope limits, confirmation requirements, or exclusions. In a note-management skill that can analyze an entire vault and optionally add links, this increases the risk of overbroad actions, unintended processing of sensitive notes, or user-authorized but insufficiently constrained changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises optional 'safe rewriting' and automatic backlink insertion but does not clearly warn that user content may be modified, potentially at scale, or that semantic corruption can occur despite backups. For an Obsidian/Markdown vault, even well-intentioned automated edits can damage note structure, links, frontmatter, or organization if users are not explicitly informed and prompted for consent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.