Oathe Security Badge

Is LeoLin990405/claude-obsidian-skills safe?

https://github.com/LeoLin990405/claude-obsidian-skills

94
SAFE

This skill provides comprehensive documentation for Obsidian note-taking syntax and file formats. It contains only markdown reference material with no executable code, malicious instructions, or data exfiltration capabilities.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (3)

LOW Canary file access during audit -15

System processes accessed sensitive canary files (.env, SSH keys, AWS credentials) during the audit period, though no modification or exfiltration occurred

INFO Comprehensive documentation content -5

Extensive documentation makes complete manual review challenging, though no malicious content was detected

INFO Content generation potential -5

Skill could be used to generate Obsidian-specific content, which is the intended purpose but could theoretically be misused