Back to skill
Skillv1.0.0
VirusTotal security
Obsidian Official CLI Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:44 AM
- Hash
- 762c3fd12afd48627d4356a0a9ab8b8848b67db75a59a6775aa694717d3d5fa6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: obsidian-official-cli Version: 1.0.0 The skill exposes the `obsidian eval` command in `SKILL.md`, which allows arbitrary JavaScript code execution within the Obsidian application context. While a legitimate developer tool, its exposure to an AI agent creates a significant prompt injection vulnerability. A malicious user prompt could instruct the agent to use this command to exfiltrate sensitive data, modify Obsidian settings, or perform other unauthorized actions within the application, making this a high-risk capability.
- External report
- View on VirusTotal