Security audit

social-favorites-to-obsidian

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent syncing purpose, but it handles browser session cookies and Obsidian credentials while installing unpinned third-party scraping code, so it should be reviewed carefully before use.

Install only if you trust the publisher, the hctec GitHub scraping skills, CookieCloud, and obsidian-headless. Prefer interactive Obsidian login, do not paste passwords or encryption keys into chat, keep cookiecloud.env private with restrictive permissions, review any generated cron job before enabling it, and consider reviewing or pinning the external hctec dependency before running scheduled sync.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 94% confidence
Finding: The skill instructs the agent to run shell commands, read and write local files, access environment-based secrets, and use networked services such as CookieCloud and Obsidian sync, but it does not declare any permissions. This creates a transparency and consent gap: an agent or user may invoke a skill with broader capabilities than expected, increasing the chance of unauthorized filesystem access, secret handling, or network actions without explicit review.

Ssd 3

High

Confidence: 96% confidence
Finding: The instructions explicitly tell the operator to collect CookieCloud authentication secrets and write them into a local environment file. These values grant access to synchronized browser cookie data, so storing or handling them manually increases the chance of credential leakage through shell history, screenshots, backups, misconfigured file permissions, or accidental sharing. In this skill context, the danger is elevated because the skill is designed to bridge authenticated social-platform sessions into automation workflows.

Ssd 3

High

Confidence: 98% confidence
Finding: The setup flow requests the user's Obsidian account password and possibly the end-to-end sync encryption password in plain language. Asking for these credentials directly is unsafe because it conditions users to reveal high-value secrets to the installer/operator and creates a risk of interception, retention in transcripts, or reuse by anyone with access to the session. The skill context makes this more dangerous because these credentials control cloud sync and potentially encrypted vault contents.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical

Code: suspicious.dangerous_exec
Location: bin/social-favorites-to-obsidian.js:30

File appears to expose a hardcoded API secret or token.

Critical

Code: suspicious.exposed_secret_literal
Location: scripts/setup.py:50