Obsidian Tasks

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it helps an agent create and maintain Obsidian task-board Markdown files in a user-chosen vault.

Install only if you are comfortable letting the agent create and edit task Markdown files in the Obsidian vault and folder you choose. Confirm the vault path before running setup, and consider backups or version control if task history matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill clearly instructs running a setup script that creates and modifies files in an Obsidian vault, so file-write capability is present but not explicitly declared. Undeclared write access is dangerous because users and platforms cannot accurately assess what the skill is allowed to change, increasing the risk of unexpected modification of vault contents.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal