We checked this and rejected itsecurity

obsidian-claude-pkm: why it is not safe to use

Passed our review with one caution: it bundles git-automation hooks (auto-commit, guarded force-push) whose exact bodies we could not fetch to inspect.

What we found

The skill works on your own local Obsidian vault (markdown). Data leaves only to your own git remote and, if you enable the optional GitHub Action, to Claude via the official Claude Code path. Our scan found no hardcoded secrets, no obfuscation, no arbitrary curl or wget calls, and no privilege escalation beyond making its own scripts executable.

One item earned a caution. The skill bundles bash hooks (auto-commit, session-init) and setup scripts that run git automation, including a force-push guarded by a confirmation prompt. This is scoped to your own repository and low risk, but auto-committing changes to your vault is worth understanding first. We were also unable to fetch the hook file bodies verbatim (repeated 404s), so that part of our review rests on the README, setup scripts, and file tree rather than the exact hook code.

What to do instead

Read the hook scripts in the repo before installing, especially the auto-commit and force-push paths. Point the tool at a test vault first, keep the confirmation prompts enabled, and store any Claude OAuth token in your own GitHub Actions secrets, never in a committed file.

Want the same outcome, safely? Use our checked skill instead.

Source: https://github.com/ballred/obsidian-claude-pkm

We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.

Copied to clipboard. Paste it into your AI (ChatGPT, Claude, or your agent) to add the skill.