Trust Assessment
obsidian received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 3 critical, 2 high, 1 medium, and 1 low severity. Key findings include Arbitrary command execution, Dangerous call: subprocess.run(), Path Traversal in File Creation/Modification.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings7
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/ruslanlanket/obisdian-direct/scripts/obsidian_search.py:81 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/ruslanlanket/obisdian-direct/scripts/obsidian_search.py:93 | |
| CRITICAL | Path Traversal in File Creation/Modification The skill's `create` and `edit` commands (as described in `SKILL.md` and `obsidian_cli.py` docstring) accept user-controlled inputs for note `title`, `folder`, and `note` names. If the internal implementation constructs file paths using `pathlib.Path` (e.g., `vault / folder_name / title.md`), these inputs can contain path traversal sequences (e.g., `../../`) to write or modify files outside the intended Obsidian vault directory. While the exact implementation is truncated in the provided `obsidian_cli.py` content, this is a common vulnerability pattern for such functionality, allowing an attacker to create or overwrite arbitrary files on the system if the skill has sufficient permissions. Sanitize all user-provided path components (e.g., `title`, `folder`, `note` names) to prevent path traversal. Ensure that `..` sequences are removed or that the final resolved path is strictly confined to the intended vault directory before any file operations. For example, by using `pathlib.Path.resolve()` and then checking if the resolved path starts with the resolved vault path. | LLM | scripts/obsidian_cli.py | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'grep_search'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/ruslanlanket/obisdian-direct/scripts/obsidian_search.py:81 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'grep_search'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/ruslanlanket/obisdian-direct/scripts/obsidian_search.py:93 | |
| MEDIUM | Unpinned Dependencies (Supply Chain Risk) The `obsidian_cli.py` and `obsidian_search.py` scripts import external libraries (e.g., `yaml`) without specifying exact versions in a `requirements.txt` or similar dependency management file. This exposes the skill to supply chain risks, where updates to dependencies could introduce breaking changes, vulnerabilities, or even malicious code without explicit review. Create a `requirements.txt` file (or similar) and pin all direct and transitive dependencies to specific versions. Use a tool like `pip-compile` or `pip freeze > requirements.txt` to manage dependencies and ensure reproducible builds. | LLM | scripts/obsidian_cli.py:20 | |
| LOW | Hardcoded Sensitive Default Path The `DEFAULT_VAULT` path is hardcoded to `/home/ruslan/webdav/data/ruslain` in both `obsidian_cli.py` and `obsidian_search.py`. This is a specific user's home directory, which is a high-privilege location. While the path can be overridden by the `OBSIDIAN_VAULT` environment variable, using such a sensitive default path increases the risk if the skill is deployed without proper configuration or in a multi-user environment. A compromised skill could access or modify arbitrary files within this default directory. Avoid hardcoding sensitive default paths. If a default is necessary, use a less privileged or more generic location (e.g., a subdirectory within the skill's own installation path) or require explicit configuration. Ensure that the environment variable override is always used in production to specify a secure vault location. | LLM | scripts/obsidian_cli.py:16 |
Scan History
Embed Code
[](https://skillshield.io/report/83286ee143d3d907)
Powered by SkillShield