obsidian-cli

[Skill Scanner] Credential file access detected The obsidian-cli skill's capabilities match its documented purpose of manipulating an Obsidian vault. It does not itself contain obfuscated or encoded malicious payloads, nor does it route data to external attacker-controlled domains. However, it exposes high-risk operations — notably 'obsidian eval' (arbitrary JavaScript execution in the app) and plugin install/enable — that provide powerful execution capability inside the user's Obsidian process and could be abused by an untrusted agent to read or exfiltrate vault contents or install malicious plugins. Treat this skill as potentially dangerous in automated contexts: restrict eval and plugin management to trusted, interactive use and require explicit user confirmation for destructive or code-execution commands. LLM verification: The manifest itself is not malicious and matches its stated purpose: documenting how to use the Obsidian CLI for vault management. However, the documented capabilities include high-privilege operations — notably dev:eval (arbitrary JS execution) and plugin install/enable — which enable arbitrary code execution and supply-chain risk. These amplify the attack surface if an untrusted agent or automation is permitted to invoke them. Recommendation: treat dev:eval and plugin install/enable as sensiti