Obsidian Cli Tool

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Obsidian helper that exposes powerful but disclosed vault and plugin-development commands.

Install this only if you want your agent to work with a live Obsidian vault. Ask for confirmation before delete, move, frontmatter changes, screenshots, DOM inspection, or JavaScript evaluation, and use plugin eval only with code you trust. Verify the separate Obsidian CLI/plugin before relying on it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The skill description is broadly scoped to ordinary note and content-management requests, which increases the chance the agent invokes this skill in situations where the user did not explicitly intend to grant access to a live Obsidian vault. Because the tool can read, modify, move, and delete notes, overbroad activation can lead to unintended exposure or alteration of private vault data.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill exposes destructive commands like note deletion and powerful developer commands like `plugin eval` without warnings, confirmation requirements, or trust boundaries. In this context, `plugin eval` can execute arbitrary JavaScript inside the running Obsidian environment, and delete/move/frontmatter modification commands can alter user data, making accidental or prompt-induced misuse significantly more dangerous.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal