Security audit

Korta Obsidian

Security checks across malware telemetry and agentic risk

Overview

This appears to be a normal Obsidian note-management skill, but users should be careful with its documented delete command.

Install only if you intend the agent to manage notes in your Obsidian vault. Before using delete commands, verify the active vault and exact note path, and prefer archiving or backups when possible.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill documents a permanent delete operation (`obsidian-cli delete "path/note"`) without any warning about irreversibility, confirmation, backups, or safe alternatives. In a note-management skill, users may copy commands directly, so omission of caution materially increases the chance of accidental data loss in the active vault.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal