Obsidian Skills: why it is not safe to use
Obsidian Skills passed review (82/100); we flag three cautions around local write access, an eval command, and web fetching.
What we found
Obsidian Skills passed our review with a score of 82/100. We found no prompt injection, no hardcoded secrets, no vault data leaving your machine, and no credential access. The skills read as plain, human-readable documentation.
Three items earned a caution rather than a block. The obsidian-cli tool can create, overwrite, and modify notes and properties in your local vault, and it exposes an `eval` command that runs JavaScript inside the Obsidian app. The defuddle skill installs globally with `npm install -g` and fetches user-supplied URLs to convert web pages into markdown. Each capability is documented, user-initiated, and scoped to your local setup, but together they grant broad local power.
What to do instead
You can use this skill with a few precautions. Back up your vault before running commands that write or modify notes. Read any `eval` command before you run it, and skip ones you did not author. When you pull a web page in with defuddle, treat the resulting note as untrusted content rather than as instructions. Review the global npm install if your environment restricts system-wide packages.
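One way to make the first and third precautions routine, as an added example that is not code from the Obsidian Skills repository or from the review: snapshot the vault with a hash manifest before a skill is allowed to write, diff the manifest afterwards to see exactly which notes were created, removed or overwritten, and stamp any note converted from a web page with frontmatter that marks it as untrusted. It assumes the vault is a plain directory with `.obsidian` and `.trash` as non-note folders, and the sample vault, note contents and URL in `demo()` are constructed for the walk-through.

```python
"""Snapshot an Obsidian vault before a skill writes to it, then report what changed."""
from __future__ import annotations

import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumption: these folders hold app state or deleted notes, not content we want
# to track, so they are left out of manifests and backups.
SKIP_DIRS = {".obsidian", ".trash", ".git"}


def file_digest(path: Path) -> str:
    """SHA-256 of a file's bytes, read in chunks so large attachments are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(vault: Path) -> dict[str, str]:
    """Map every tracked file's vault-relative path to its SHA-256."""
    result: dict[str, str] = {}
    for p in sorted(vault.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(vault)
        if rel.parts[0] in SKIP_DIRS:
            continue
        result[rel.as_posix()] = file_digest(p)
    return result


def snapshot_vault(vault: Path, backup_root: Path) -> Path:
    """Copy the vault to a timestamped directory and write its manifest beside it."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    dest = backup_root / f"{vault.name}-{stamp}"
    shutil.copytree(vault, dest, ignore=shutil.ignore_patterns(*SKIP_DIRS), dirs_exist_ok=True)
    lines = "".join(f"{digest}  {rel}\n" for rel, digest in manifest(vault).items())
    (backup_root / f"{dest.name}.manifest").write_text(lines, encoding="utf-8")
    return dest


def diff_manifests(before: dict[str, str], after: dict[str, str]) -> dict[str, list[str]]:
    """Which notes a skill added, removed or overwrote between two manifests."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(k for k in before.keys() & after.keys() if before[k] != after[k])
    return {"added": added, "removed": removed, "modified": modified}


def mark_as_fetched(markdown: str, source_url: str) -> str:
    """Prepend frontmatter so a note converted from a web page is visibly untrusted content."""
    fetched = datetime.now(timezone.utc).isoformat(timespec="seconds")
    front = f"---\nsource: {source_url}\nfetched: {fetched}\ntrust: untrusted-web-content\n---\n"
    return front + markdown


def demo() -> dict[str, list[str]]:
    """Constructed walk-through: build a tiny vault, snapshot it, simulate a skill
    overwriting one note and clipping a web page into another, and report the diff."""
    root = Path(tempfile.mkdtemp())
    vault = root / "vault"
    (vault / "daily").mkdir(parents=True)
    (vault / ".obsidian").mkdir()
    (vault / "daily" / "2024-01-01.md").write_text("# Monday\n", encoding="utf-8")
    (vault / "ideas.md").write_text("- idea one\n", encoding="utf-8")
    (vault / ".obsidian" / "workspace.json").write_text("{}", encoding="utf-8")

    snapshot_vault(vault, root / "backups")
    before = manifest(vault)

    # Simulated skill activity: one overwrite, one new note converted from a (constructed) URL.
    (vault / "ideas.md").write_text("- idea one\n- idea two\n", encoding="utf-8")
    (vault / "clip.md").write_text(
        mark_as_fetched("# Clipped page\n", "https://example.invalid/article"), encoding="utf-8")

    return diff_manifests(before, manifest(vault))


if __name__ == "__main__":
    print(demo())  # {'added': ['clip.md'], 'removed': [], 'modified': ['ideas.md']}
```

Run `snapshot_vault` and keep the returned manifest before invoking any command that writes notes; after the skill finishes, `diff_manifests` tells you precisely which files to inspect or restore from the snapshot. Notes produced from a fetched page carry the `trust: untrusted-web-content` property, which is a convenient handle for excluding them from anything that feeds note text back to an agent as instructions.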
Source: https://github.com/kepano/obsidian-skills
We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.