Back to skill

Security audit

Obsidian Sheet Plus

Security checks across malware telemetry and agentic risk

Overview

This skill transparently controls Obsidian Sheet Plus spreadsheets through a local REST API, with some ordinary data-loss and privacy risks users should manage.

Install only if you use Obsidian with the Sheet Plus plugin and want an agent to modify spreadsheet files. Before using destructive actions, verify the sheet and range, keep a backup for important workbooks, and enable the plugin API key or keep the REST API bound to localhost only.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger description is broad enough to match generic 'data-analysis', 'automation', and Excel-like tasks that may not actually require the Obsidian Sheet Plus skill. This can cause unintended invocation in contexts where the agent should use a different tool or no tool at all, increasing the chance of unnecessary access to a local unauthenticated REST API and unintended spreadsheet modification or data exposure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents a sheet-wide destructive operation that removes all conditional formatting rules at once, but it does not prominently warn that this affects the entire sheet and may be difficult to reconstruct manually. In an agent setting, this increases the risk of accidental bulk modification if the tool is invoked from an ambiguous or loosely scoped user request.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This skill documents a destructive operation that clears both content and formatting from a specified range, but it does not explicitly warn users that the action may be irreversible or lead to accidental data loss. In an automation or agent-driven context, omission of a confirmation or safety warning increases the chance that a user or higher-level agent invokes it on the wrong range or sheet and permanently destroys spreadsheet state.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents a destructive operation that removes cell contents but provides no warning, confirmation guidance, or advice to verify the target sheet/range before execution. In an agentic context, this increases the risk of unintended bulk data loss because the action can be triggered programmatically and the API appears to allow unauthenticated access by default on localhost.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill documents an endpoint that exports the complete workbook, including all sheet data, styles, and formulas, while stating authentication is absent by default. Because the API is exposed over a local HTTP interface, any local process—or a malicious webpage leveraging localhost access where applicable—could retrieve sensitive workbook contents if the user invokes or enables this workflow without understanding the exposure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill documents that unmerging retains content only in the top-left cell, which implies other visible cell contents or user expectations about preserved layout/data may be lost. Because the example and workflow do not require an explicit confirmation, backup, or preflight warning before a destructive operation, an agent could trigger accidental irreversible data loss during routine spreadsheet manipulation.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.