Trust Assessment
obsidian-daily received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 3 critical, 0 high, 1 medium, and 0 low severity. Key findings include Missing required field: name, Unsanitized user input in VAULT_NAME leads to command injection, Unsanitized user input in ENTRY_TEXT leads to command injection.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unsanitized user input in VAULT_NAME leads to command injection The skill suggests configuring the default vault using `obsidian-cli set-default "VAULT_NAME"`. If `VAULT_NAME` is controlled by an untrusted user and not properly sanitized, a malicious string (e.g., `my_vault"; rm -rf /; echo "`) could escape the double quotes and execute arbitrary shell commands with the permissions of the agent. Ensure all user-provided input, especially `VAULT_NAME`, is strictly validated and properly shell-escaped (e.g., using `shlex.quote()` in Python or similar functions in other languages) before being passed as an argument to `obsidian-cli` or any shell command. | LLM | SKILL.md:20 | |
| CRITICAL | Unsanitized user input in ENTRY_TEXT leads to command injection The skill constructs commands to append content using `obsidian-cli create ... --content "$(printf '\n%s' "ENTRY_TEXT")"`. If `ENTRY_TEXT` is controlled by an untrusted user and not properly sanitized, a malicious string (e.g., `foo"; rm -rf /; echo "`) could escape the inner double quotes within the `printf` command, leading to arbitrary shell command execution with the permissions of the agent. Ensure all user-provided input, especially `ENTRY_TEXT`, is strictly validated and properly shell-escaped before being embedded into shell commands. The content passed to `printf` should be quoted and escaped to prevent shell metacharacter interpretation. | LLM | SKILL.md:37 | |
| CRITICAL | Unsanitized user input in TERM leads to command injection The skill uses `obsidian-cli search-content "TERM"`. If `TERM` is controlled by an untrusted user and not properly sanitized, a malicious string (e.g., `my_term"; rm -rf /; echo "`) could escape the double quotes and execute arbitrary shell commands with the permissions of the agent. Ensure all user-provided input, especially `TERM`, is strictly validated and properly shell-escaped (e.g., using `shlex.quote()` in Python or similar functions in other languages) before being passed as an argument to `obsidian-cli` or any shell command. | LLM | SKILL.md:61 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/bastos/obsidian-daily/SKILL.md:1 |
Scan History
Embed Code
[](https://skillshield.io/report/7da4a85d51ba4b63)
Powered by SkillShield