Obsidian

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to manage an Obsidian/Nextcloud knowledge base, but its triggers and workflows could persistently modify and sync notes without clear confirmation.

Install only if you are comfortable with the agent writing to and syncing your Obsidian/Nextcloud vault. Before use, define the exact vault path and require explicit confirmation before any ingest, lint logging, index update, or sync operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium (88% confidence)
Finding
The trigger list includes generic phrases such as "wiki" and "knowledge base," which can match many ordinary user requests unrelated to this specific Nextcloud-backed Obsidian vault. Overly broad activation can cause the agent to invoke file-access capabilities in the wrong context, increasing the risk of unintended reads, writes, or sync operations against sensitive notes.

Vague Triggers

Medium (86% confidence)
Finding
The ingest trigger is overly broad because merely sharing a link or article may be interpreted as authorization to read, create pages, update indexes, append logs, and sync changes. In a skill that performs write operations against a knowledge base, ambiguous activation increases the chance of unintended data ingestion and persistent modification from casual conversation or forwarded content.

Missing User Warnings

Medium (93% confidence)
Finding
This workflow instructs the agent to create pages, modify index.md, append to log.md, and run sync, but it does not require informing the user that persistent changes will be made. In the context of an Obsidian/Nextcloud-backed wiki, silent writes can surprise the user, pollute the knowledge base, and propagate unwanted changes through synchronization.

Missing User Warnings

Low (84% confidence)
Finding
The lint workflow appears read-oriented, but it also updates log.md without warning, which means a user requesting a health check may unknowingly trigger a disk write. Although lower risk than ingest, this still violates least surprise and can create unnecessary repository churn or synced changes.

VirusTotal

66/66 vendors flagged this skill as clean.
