Back to skill
Skillv1.0.0
VirusTotal security
Obsidian Cli Tool · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:05 AM
- Hash
- 873d4f67e921296887b0edaa762f611c465aa3063b9dd4982362f48a4ddc28ae
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: obsidian-cli-tool Version: 1.0.0 The skill bundle documents high-risk capabilities, specifically the `obsidian plugin eval '<code>'` command in SKILL.md, which allows for arbitrary JavaScript execution within a running Obsidian instance. While intended for plugin development, this provides a direct vector for Remote Code Execution (RCE) and data exfiltration if the AI agent is targeted by prompt injection. Furthermore, the `plugin screenshot` and `plugin dom` commands allow for capturing sensitive UI state, posing a significant privacy risk without explicit security boundaries.
- External report
- View on VirusTotal