We checked this and rejected itsecurity

Obsidian-CLI-skill: why it is not safe to use

Obsidian-CLI-skill passed our injection, exfiltration, and secret checks, but ships permanent-delete and arbitrary-JavaScript eval commands, so we flagged it warn (79/100).

The Obsidian-CLI-skill documents a command-line interface for the Obsidian desktop app. Our scan found no prompt injection, no external network calls, no data exfiltration, and no hardcoded secrets or credential access. It runs at normal user privilege and touches only your local vault. We rated it warn (79/100) on one dimension: the powerful commands it exposes.

What we found

The skill surfaces two genuinely destructive capabilities. First, a permanent file delete that removes notes outright rather than moving them to trash, so an accidental or misdirected call can lose data with no easy recovery. Second, an eval command that runs arbitrary JavaScript against the running Obsidian instance, which effectively grants the skill full programmatic control of the app. In an agent context, either command could act on a vague or misread instruction with no confirmation step.

What to do instead

Use the skill on a vault you have backed up or version-controlled. Keep the delete and eval commands under human review rather than fully autonomous use, and confirm the exact target before running them. If you only need read or standard edit operations, prefer those and leave the destructive commands disabled.

Want the same outcome, safely? Use our checked skill instead.

Source: https://github.com/pablo-mano/Obsidian-CLI-skill

We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.

Copied to clipboard. Paste it into your AI (ChatGPT, Claude, or your agent) to add the skill.