Back to skill

Security audit

LLM-Wiki-Skill

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill reads and updates a local Obsidian `_wiki/` knowledge layer, and those persistent edits match its stated purpose.

Install this only if you want an agent to read/search your Obsidian vault and maintain a generated `_wiki/` layer. Use backups or version control, review changes after `/wiki-query` and `/wiki-health`, and avoid running it on sensitive notes unless you are comfortable with those notes being summarized into local wiki pages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states it will "fix what can be fixed automatically" and later instructs the agent to modify wiki content by adding wikilinks and filling frontmatter, but it does not require explicit user confirmation, preview, or a dry-run mode before changing files. In an LLM-driven workflow, inferred fixes can be incorrect or overbroad, causing silent integrity damage to the knowledge base and making it hard for users to detect or revert unintended edits.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to create, update, and append to files in the user's `_wiki/` vault, but it does not clearly warn the user that invoking the skill will perform persistent writes. This creates a real safety issue because a user may expect summarization or analysis, yet the skill can modify multiple files and logs, potentially causing unintended data changes or wiki pollution if the source is low quality or adversarial.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly states that it will 'file new insights back into the wiki automatically' and later instructs the agent to update or create pages, but it does not prominently warn that running a query may modify user files. This creates a real integrity risk because a read-like operation ('query') can perform unexpected writes, potentially introducing incorrect, prompt-influenced, or user-unapproved changes into the knowledge base.

VirusTotal

52/52 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.