Claude-Obsidian Knowledge Engine

Security checks across malware telemetry and agentic risk

Overview

This Obsidian knowledge-base skill is mostly purpose-aligned, but it needs review because it encourages broad automatic vault edits and persistent note metadata without clear approval boundaries.

Install only if you want an agent to scan and modify an Obsidian-style vault. Use a backup, prefer dry-run or preview before bulk changes, keep the vault cache private, and do not let private notes be sent to any external AI/API unless that behavior is explicitly disclosed and you consent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 83%
Finding
The activation conditions are extremely broad and include common note-taking and productivity terms, increasing the chance that the skill triggers during ordinary conversations where the user did not intend vault operations. Because this skill is designed to read and write notes, overbroad triggering materially raises the risk of unintended data processing and modification.

Missing User Warnings

High
Confidence: 96%
Finding
Stating that every conversation is a write operation normalizes automatic persistence without a clear consent boundary. In a personal knowledge-base environment, that can cause silent recording of sensitive user input, accidental corruption of notes, and unwanted long-term retention of transient or private conversation content.

Missing User Warnings

High
Confidence: 95%
Finding
The workflows instruct the agent to automatically create, update, and relink files throughout the vault, including bulk operations, without user-facing warnings or approval checkpoints. In context, this is especially risky because large-scale automated edits can propagate mistakes, overwrite structure, and persistently reshape a user's knowledge base from a single ambiguous request.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation explicitly describes persistent storage of processed-file history, active topics, and user preferences in `.cache/hot_cache.json`, but provides no notice about retention, sensitivity, or how users can opt out. In a personal knowledge base context, these fields can reveal behavioral history and sensitive subjects, increasing privacy risk if the vault is shared, synced, or inspected by other tools.

Missing User Warnings

High
Confidence: 95%
Finding
The entity extraction script states it uses AI via an API to process markdown content, but does not warn that note contents may be transmitted to an external service. In a PKM/Obsidian vault, files often contain highly sensitive personal, medical, work, or research information, so silent external transmission creates a significant confidentiality and compliance risk.

VirusTotal

67/67 vendors flagged this skill as clean.
