Back to skill

Security audit

笔记CLI工具箱

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed toolkit for managing Obsidian notes with command-line operations, including edits, moves, deletes, and batch workflows.

Install only if you want an agent to manage an Obsidian vault through shell commands. Before delete, move, archive, batch edit, or CI push workflows, preview the target files, use dry-run where available, and keep the vault in Git or another backup system.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly promotes create/move/delete and broad batch modification of notes on disk, but it does not pair those capabilities with strong guardrails such as confirmation requirements, dry-run defaults, scoped path restrictions, backups, or a prominent data-loss warning. In an agent setting with exec access, this increases the chance of accidental destructive actions or overbroad file changes, especially in CI/headless workflows where mistakes can propagate automatically.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.