Back to skill

Security audit

Obsidian - read, search, write and edit direct to obsidian vault.

Security checks across malware telemetry and agentic risk

Overview

This Obsidian skill matches its note-management purpose, but it can read and overwrite local notes with limited safety controls, so it belongs in Review rather than being blocked.

Install only if you want an agent to read and modify your Obsidian vault. Change the configured vault path, keep backups or version history enabled, and review or confirm destructive operations such as replace, clear, section replacement, or creating notes in caller-supplied folders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill exposes shell execution plus file read/write and environment-variable usage, but it does not declare permissions or boundaries for those capabilities. In this context, the undocumented access is meaningful because the skill is explicitly designed to modify a real Obsidian vault on disk, which increases the chance of unintended or unauthorized file operations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation instructs the agent to create, append, prepend, and replace note content in the user's vault without an explicit warning that these are persistent file modifications. That creates a real integrity risk: an agent may overwrite or alter user knowledge-base content without sufficiently clear user consent or confirmation, especially for destructive operations like replace and replace-section.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The edit command exposes destructive actions such as replace and clear that can permanently overwrite note contents with no confirmation, dry-run, backup, or undo safeguard. In the context of an agent skill that may be driven by ambiguous or manipulated instructions, this increases the risk of accidental or unauthorized data loss across the user's Obsidian vault.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.