obsidian
Audited by Socket on Mar 18, 2026
1 alert found:
Security [Skill Scanner]: Download or install from free hosting/deployment platform detected

This skill is a documentation/automation pack for Obsidian vault management and appears coherent: capabilities (templating, dataview, sync, backups) match the provided scripts and examples. I found no hardcoded secrets, obfuscated malicious code, or evidence of credential-harvesting network flows. The primary risks are operational: (1) disabling Obsidian Safe mode to install community plugins increases exposure to malicious plugins; (2) automated sync/backup examples (git push, rclone) can exfiltrate vault contents if remotes are misconfigured or credentials point to attacker-controlled locations; (3) DataviewJS/Templater allow executing JavaScript within the vault context, which is powerful but should be used only with trusted scripts and plugins. Overall this appears benign and appropriate for its stated purpose provided users follow best practices (verify downloads, keep plugins from trusted sources, review remotes/credentials before enabling automated sync).

LLM verification: This SKILL.md is a benign documentation/instruction file for using Obsidian. I found no embedded malware, obfuscated payloads, credential harvesting, or network exfiltration mechanisms in the provided content. The primary risks are operational: commands that download and execute binaries (legitimate sources in the doc) and mention of destructive commands (rm -rf) which could be dangerous if misused. Use caution: verify URLs and package sources before running install commands, avoid copy-pasting