Work Productivity Obsidian Vaults Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a safe Obsidian vault helper, but its Chinese instructions and trigger metadata are broad enough that it may be invoked for unrelated work and note-management tasks.

Install only if you want an Obsidian/Markdown-vault workflow helper and are comfortable reviewing when it activates. Prefer explicit invocation by name, limit it to a specific vault path, define folders it must not edit, and require dry-run or patch output before any bulk note changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (10)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The manifest and 需求 ("demand") sections materially broaden the skill from an Obsidian/local Markdown vault helper into a generic 'validated demand' productivity and adjacent-skill support tool. This scope drift can cause the agent to invoke the skill in contexts unrelated to its declared safety boundary, increasing the chance of inappropriate delegation, confusing outputs, and misuse of a more permissive workflow than intended.

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The workflow/output sections describe a general planning and analysis assistant rather than a vault-focused helper, which weakens the correspondence between the skill's name, metadata, and actual behavior. In practice, this can let the skill handle arbitrary tasks under a trusted niche label, making routing errors and policy bypass-by-scope-confusion more likely.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger sentences are broad, repetitive, and not tightly scoped to explicit user intent, which increases the chance that the skill is invoked when a user is discussing similar topics rather than requesting this skill. In an agent ecosystem, unintended invocation can cause the wrong workflow to run, leading to incorrect file operations, confusing outputs, or bypass of more appropriate skills for the user's actual request.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrases are highly generic and embed ordinary help-seeking language such as 'Help me' and 'I need a practical workflow', which can cause the skill to activate during unrelated user requests. In an agent ecosystem, this creates unintended routing and prompt-surface expansion, increasing the chance that the wrong skill handles sensitive note-management tasks or overrides a more appropriate workflow.

Vague Triggers

High
Confidence: 98%
Finding
The trigger keywords include extremely broad everyday terms such as 'work', 'plain', 'via', and 'bug fix', which can cause the skill to activate on many unrelated prompts. Overbroad triggering is dangerous because it can hijack routing decisions, suppress more appropriate specialized skills, and apply an over-permissive workflow to tasks outside its intended domain.

Vague Triggers

High
Confidence: 96%
Finding
The usage conditions in the description are overly broad and permit activation for general workflow, checklist, analysis, or implementation support around a loosely defined demand theme. This makes the skill context much less bounded than its metadata suggests, increasing accidental invocation and enabling the skill to influence tasks well beyond local Obsidian vault assistance.

Vague Triggers

Medium
Confidence: 86%
Finding
The default prompt is a broad natural-language activation phrase that can cause the skill to be selected in situations beyond tightly scoped Obsidian vault maintenance. Because the skill is designed to operate on local knowledge bases and note organization tasks, overbroad invocation increases the chance of unintended activation and inappropriate handling of user content or file-related workflows.

Vague Triggers

Medium
Confidence: 91%
Finding
Enabling implicit invocation without defined constraints allows the orchestration layer to auto-select this skill based on vague similarity, which can trigger it for unrelated requests. In a skill that deals with local notes and knowledge-base workflows, this creates risk of unintended file-oriented guidance or actions being proposed in contexts where the user did not clearly request vault manipulation.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger sentence begins with a very broad everyday phrase ('Help me ...') that lacks clear activation boundaries and then includes generic task language. In agent-routing systems, overly broad triggers can cause unintended activation on unrelated user requests, leading the skill to be invoked outside its intended Obsidian/vault workflow scope and potentially influencing handling of unrelated tasks.

Vague Triggers

Medium
Confidence: 94%
Finding
This trigger uses a broad request pattern ('I need a practical workflow for ...') that is not specific enough to distinguish the skill's intended note-management use cases from general productivity or workflow requests. Such ambiguity increases the chance of misrouting, causing the skill to intercept unrelated prompts and apply inappropriate instructions or assumptions in contexts where they do not belong.

VirusTotal

63/63 vendors flagged this skill as clean.
