Obsidian Sync KB

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Obsidian knowledge-base skill, but users should know it can use note-derived data for web enrichment unless network access is disabled.

Install only if you are comfortable with the skill reading your configured Obsidian inbox, storing local indexes and query history, and possibly sending note-derived URLs or search terms to external sites during build. For private or work-sensitive vaults, set research.enable_network to false or run build-index with --disable-network before indexing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill is presented as a local Obsidian knowledge-base builder, but the implementation performs outbound HTTP fetches and even expands scope via web search for enrichment. This can exfiltrate note-derived queries, URLs, and metadata to third parties and violates the principle of least astonishment for a supposedly local-only skill.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
The code issues public search queries and ingests third-party pages based on note content, which extends processing beyond the user's vault into unrelated external sources. This can leak sensitive note themes or titles to search engines and taint the knowledge base with untrusted external content without clear consent.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The query path persistently stores user searches, confidence, topics, and top-matching document IDs in query_history.jsonl without any manifest disclosure or apparent retention controls. Search history can reveal sensitive interests, internal project names, and relationships between user queries and local documents.

Missing User Warnings

Medium
Confidence: 95%
Finding
Outbound retrieval and public web search happen in code without any user-facing warning at execution time, despite the tool otherwise appearing to operate on local files. Lack of disclosure increases the risk that users unknowingly send sensitive note-derived data to remote services and prevents informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.
