Obsidian Official CLI Skill

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Obsidian-management purpose, but it gives an agent broad power to change, delete, restore, install, and run code inside an Obsidian vault without enough safety guidance.

Install only if you are comfortable letting an agent control important parts of your Obsidian environment. Before using it, require explicit confirmation for delete, permanent delete, overwrite, move, restore, plugin/theme changes, sync changes, and any `obsidian eval` command, and prefer testing on a backed-up or non-sensitive vault first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 84%
Finding
The changelog states the skill supports auto-triggering based on Obsidian-related queries, but it does not define clear trigger boundaries or guardrails. In a skill that can perform file operations, plugin/theme management, sync, and other CLI actions, vague invocation criteria can cause the agent to activate the skill unexpectedly and apply powerful operations in the wrong context.

Missing User Warnings

Medium
Confidence: 88%
Finding
This section documents destructive operations such as overwrite, move, delete, and permanent delete without any warning or confirmation guidance. In an agent setting, this increases the chance that the skill is used to perform irreversible vault modifications or data loss from ambiguous prompts or mistaken file targeting.

Missing User Warnings

Medium
Confidence: 84%
Finding
Sync restore and history restore are state-changing rollback operations that can replace current note contents or revert vault state, yet the skill presents them without warnings about overwrite, conflict, or recovery implications. In an automated agent context, this can cause unintended rollback or loss of recent work.

VirusTotal

65/65 vendors flagged this skill as clean.
