Back to skill

Security audit

Obsidian Dual-Layer Knowledge Base

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent Obsidian knowledge-base purpose, but it would automatically process private notes, inject summaries into future sessions, and send summaries without enough user controls.

Review before installing. Use it only with Obsidian vaults you are comfortable exposing to an AI agent, disable or gate automatic startup injection unless approved folders and tags are defined, and do not enable summary pushing until recipients, approval steps, logging, and privacy rules are clearly configured.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill explicitly describes automatic startup injection of a generated knowledge-base summary into the agent context. This creates persistent context-shaping behavior and can expose previously stored material to future sessions without a per-task or per-user consent boundary, increasing the risk of unintended disclosure or prompt/context contamination.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The document draws a boundary forbidding memory/session mechanism content in the wiki, yet later writes generated wiki-derived content into a memory path for automatic session startup injection. This contradiction can blur trust boundaries and cause operational or sensitive knowledge to be laundered into session memory despite the stated segregation rules.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill describes automatic loading of a daily summary into context but does not warn users that stored knowledge may be surfaced to the model on startup. Without a clear disclosure, users may place sensitive or regulated content in the vault expecting it to remain dormant until explicitly queried.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The daily pipeline includes scraping news and pushing summaries to recipients, but the skill does not specify user authorization, destination controls, or handling of copyrighted/sensitive data. Automated outbound delivery can leak collected content or derived summaries to unintended parties if misconfigured.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.