obsidian-quartz-blog-setup

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its Quartz blog setup purpose, but it can publish broad Obsidian content and includes unrelated self-improvement persistence instructions.

Install only if you want an agent to copy reviewed Obsidian notes into a Quartz project and push them to GitHub Pages. Use a fresh project or reviewed export folder, inspect the content and .github/workflows changes before commit/push, verify the target repo and branch, and remove or ignore the self-evolution diary/PR instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill includes a self-evolution mechanism that appends failure cases to local diary files and proposes future PRs to modify the skill itself. This behavior is unrelated to the user’s requested Quartz setup task and creates unauthorized persistence and prompt-surface expansion, which can leak user/task data into files and normalize self-modifying agent behavior.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The manifest frames the skill as a first-time setup workflow, but the body also contains ongoing maintenance logic for the skill itself. This mismatch can bypass user expectations and reviewer scrutiny, because a skill invoked for one-time blog setup is also instructed to perform unrelated persistence or maintenance actions.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README explicitly states that the skill will copy note files, modify Quartz configuration and workflow files, and push to a GitHub branch, but it does not prominently warn that these actions change both local filesystem state and remote repository state. In an agentic context, missing consent and modification warnings increase the chance of unintended publication of private notes or accidental repository changes, especially when users treat the skill as a guided setup rather than a deployment operation.

VirusTotal

64/64 vendors flagged this skill as clean.