
Obsidian Skills: why it is not safe to use

Obsidian Skills passed review (82/100); we flag three cautions around local write access, an eval command, and web fetching.

What we found

Obsidian Skills passed our review with a score of 82/100. We found no prompt injection, no hardcoded secrets, no vault data leaving your machine, and no credential access. The skills read as plain, human-readable documentation.

Three items earned a caution rather than a block. The obsidian-cli tool can create, overwrite, and modify notes and properties in your local vault, and it exposes an `eval` command that runs JavaScript inside the Obsidian app. The defuddle skill installs globally with `npm install -g` and fetches user-supplied URLs to convert web pages into markdown. Each capability is documented, user-initiated, and scoped to your local setup, but together they grant broad local power.

What to do instead

You can use this skill with a few precautions. Back up your vault before running commands that write or modify notes. Read any `eval` command before you run it, and skip ones you did not author. When you pull a web page in with defuddle, treat the resulting note as untrusted content rather than as instructions. Review the global npm install if your environment restricts system-wide packages.

Want the same outcome, safely? Use our checked skill instead.

Source: https://github.com/kepano/obsidian-skills

We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.
