Trust Assessment
obsidian received a trust score of 78/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. In severity order they are: potential command injection through obsidian-cli arguments (high), a third-party Homebrew tap for obsidian-cli (medium), and excessive file system permissions granted by obsidian-cli (medium).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Potential command injection through obsidian-cli arguments | The skill drives `obsidian-cli` sub-commands such as `set-default`, `search`, `create`, `move`, and `delete` with user-controlled strings (vault name, query, file paths, content). If the skill's implementation splices those strings into a shell command line, an input such as `"; rm -rf /` closes the quoting and the remainder is executed by the shell. When the CLI is invoked with an argument vector and no shell, metacharacters are inert, but an attacker-controlled argument can still be parsed as an option or a path. | Validate every argument before it reaches `obsidian-cli` and never concatenate untrusted input into a shell string: pass an argument vector without a shell or, where a shell is unavoidable, quote each argument with a library escaping routine. Reject arguments that begin with `-`, and verify how `obsidian-cli` itself handles the argument rather than assuming it is robust against injected input. | LLM | SKILL.md:35 |
| MEDIUM | Third-party Homebrew tap for obsidian-cli | The skill's manifest installs `obsidian-cli` from a third-party Homebrew tap (`yakitrak/yakitrak/obsidian-cli`). The integrity of both the formula and the upstream project then depends on an external maintainer: a compromise of the `yakitrak` repository could deliver a malicious build to every user who installs the skill. | Prefer official package sources or widely used community taps. If the third-party tap is necessary, vet the maintainer and read the formula before installing (for example with `brew cat yakitrak/yakitrak/obsidian-cli`) so that its source URL and checksum point at the expected release. Consider vendoring the formula or using a more controlled distribution method. | LLM | SKILL.md |
| MEDIUM | Excessive file system permissions granted by obsidian-cli | As described, `obsidian-cli` can create, move, and delete files within the Obsidian vault, and outside it if path traversal is possible. `obsidian-cli delete "path/note"` and `obsidian-cli move "old/path/note" "new/path/note"` in particular give the agent significant control over the file system, and invoking them with untrusted input can cause data loss, corruption, or unauthorized file manipulation. The skill also suggests "Prefer direct edits when appropriate: open the `.md` file and change it", which implies direct write access to the file system. | Do not let the agent run destructive `obsidian-cli` commands (`delete`, `move`) without explicit user confirmation and strict input validation. Enforce an allowlist of permitted paths or operations, confining paths to the vault root, and consider sandboxing the environment in which the skill executes. | LLM | SKILL.md:49 |
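The shell-versus-argv distinction behind the HIGH finding, together with the path confinement and confirmation checks the two MEDIUM findings recommend, as an added illustration. This is not code from the obsidian skill, from obsidian-cli, or from the SkillShield report. It assumes the skill is driven from Python, a vault at `/home/user/vault`, and only the `delete "path/note"` / `move "old" "new"` argument layouts quoted in the findings; it builds command lines and never runs `obsidian-cli`, so it works offline.

```python
import shlex
from pathlib import Path

# Constructed assumption: where the vault lives. A real skill takes this from
# configuration, never from model output.
VAULT_ROOT = Path("/home/user/vault")

# Sub-commands the report calls destructive, and how many leading arguments
# are note paths, taken from the forms quoted in the findings:
#   obsidian-cli delete "path/note"
#   obsidian-cli move "old/path/note" "new/path/note"
# Argument layouts of other sub-commands must come from obsidian-cli's own
# documentation; they are deliberately not guessed here.
DESTRUCTIVE = frozenset({"delete", "move"})
PATH_ARGS = {"delete": 1, "move": 2}


def unsafe_command(subcmd: str, *args: str) -> str:
    """The pattern behind the HIGH finding: untrusted strings pasted into one
    command line meant for subprocess.run(..., shell=True). A double quote in
    an argument ends the quoting, and whatever follows is run by the shell."""
    return f"obsidian-cli {subcmd} " + " ".join(f'"{a}"' for a in args)


def vault_note_path(note: str) -> str:
    """Resolve a note path against the vault and refuse anything that lands
    outside it (absolute paths, '..' traversal). Returns the vault-relative
    POSIX path to hand to obsidian-cli."""
    root = VAULT_ROOT.resolve()
    target = (root / note).resolve()
    if target == root or root not in target.parents:
        raise ValueError(f"path escapes the vault: {note!r}")
    return target.relative_to(root).as_posix()


def safe_argv(subcmd: str, *args: str, confirmed: bool = False) -> list:
    """Build an argv list for subprocess.run(argv) with no shell. Metacharacters
    inside an argument are then never interpreted; the remaining checks cover
    what argv alone does not: option injection, NUL bytes, path traversal and
    destructive sub-commands issued without explicit user confirmation."""
    if subcmd in DESTRUCTIVE and not confirmed:
        raise PermissionError(f"{subcmd!r} requires explicit user confirmation")
    checked = []
    for a in args:
        if "\0" in a:
            raise ValueError("NUL byte in argument")
        if a.startswith("-"):
            raise ValueError(f"argument would be parsed as an option: {a!r}")
        checked.append(a)
    n_paths = PATH_ARGS.get(subcmd, 0)
    if len(checked) < n_paths:
        raise ValueError(f"{subcmd!r} expects {n_paths} path argument(s)")
    checked[:n_paths] = [vault_note_path(p) for p in checked[:n_paths]]
    return ["obsidian-cli", subcmd, *checked]


def shell_fallback(argv: list) -> str:
    """If a shell really is required, quote every element instead of pasting."""
    return shlex.join(argv)


def roundtrips(argv: list) -> bool:
    """True if a POSIX shell would split the quoted line back into argv."""
    return shlex.split(shell_fallback(argv)) == list(argv)


def rejects(func, *args, **kwargs) -> bool:
    """True if the call is refused by one of the checks above."""
    try:
        func(*args, **kwargs)
    except (ValueError, PermissionError):
        return True
    return False


if __name__ == "__main__":
    payload = '"; rm -rf /'                       # the report's own example input
    print(unsafe_command("search", payload))      # quoting broken: shell runs rm
    print(safe_argv("search", payload))           # payload stays one argv element
    print(shell_fallback(safe_argv("search", payload)))
    print(rejects(safe_argv, "delete", "daily/2024-01-01.md"))  # needs confirmation
```

The point of `safe_argv` is that `subprocess.run(argv)` without `shell=True` already neutralises `;`, `$(...)` and friends; the extra checks exist because an argument vector does nothing about a value that starts with `-` or a path that walks out of the vault, which is exactly where the two MEDIUM findings sit.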
Full report: https://skillshield.io/report/757770099ed03ac7
Powered by SkillShield