Security audit

social-favorites-to-obsidian

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent syncing purpose, but it handles browser session cookies and Obsidian credentials while installing unpinned third-party scraping code, so it should be reviewed carefully before use.

Install only if you trust the publisher, the hctec GitHub scraping skills, CookieCloud, and obsidian-headless. Prefer interactive Obsidian login, do not paste passwords or encryption keys into chat, keep cookiecloud.env private with restrictive permissions, review any generated cron job before enabling it, and consider reviewing or pinning the external hctec dependency before running scheduled sync.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs the agent to run shell commands, read and write local files, access environment-based secrets, and use networked services such as CookieCloud and Obsidian sync, but it does not declare any permissions. This creates a transparency and consent gap: an agent or user may invoke a skill with broader capabilities than expected, increasing the chance of unauthorized filesystem access, secret handling, or network actions without explicit review.

Ssd 3

High
Confidence
96% confidence
Finding
The instructions explicitly tell the operator to collect CookieCloud authentication secrets and write them into a local environment file. These values grant access to synchronized browser cookie data, so storing or handling them manually increases the chance of credential leakage through shell history, screenshots, backups, misconfigured file permissions, or accidental sharing. In this skill context, the danger is elevated because the skill is designed to bridge authenticated social-platform sessions into automation workflows.

Ssd 3

High
Confidence
98% confidence
Finding
The setup flow requests the user's Obsidian account password and possibly the end-to-end sync encryption password in plain language. Asking for these credentials directly is unsafe because it conditions users to reveal high-value secrets to the installer/operator and creates a risk of interception, retention in transcripts, or reuse by anyone with access to the session. The skill context makes this more dangerous because these credentials control cloud sync and potentially encrypted vault contents.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.dangerous_exec, suspicious.exposed_secret_literal

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
bin/social-favorites-to-obsidian.js:30

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/setup.py:50