Archive Daily Note

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the local Obsidian note-archiving task it advertises, with no evidence of data theft or hidden behavior.

Before installing, confirm the vault path, daily-note naming pattern, archive destination, and schedule. Keep backups or Obsidian sync/version history enabled, and make sure you know how to disable the schedule if notes move unexpectedly.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill schedules an automatic file-moving operation that alters user content without clearly warning the user about the ongoing, recurring modification of notes. Even though it uses Obsidian's move command and is intended to be idempotent, silent scheduled mutation of user files can cause confusion, unintended archival of the wrong note due to naming assumptions, and harder recovery if the behavior is not explicitly disclosed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal