Oathe Security Badge

Is parthpandya1729/obsidian-ontology-sync safe?

https://clawhub.ai/parthpandya1729/obsidian-ontology-sync

84
SAFE

This skill provides legitimate functionality for syncing Obsidian personal knowledge management notes with structured ontologies. While it requires broad file system access and contains executable code, the functionality appears consistent with its stated purpose and no malicious behavior was detected.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (4)

MEDIUM Extremely verbose skill documentation -15

The SKILL.md file is exceptionally long and detailed (over 500 lines), which could potentially be used to hide subtle prompt manipulation attempts within the extensive documentation.

LOW Accesses user personal knowledge files -25

The skill legitimately needs to read markdown files from the user's Obsidian vault, which contains personal notes and potentially sensitive information.

LOW Contains executable Python script -20

The skill includes a Python script that will be executed to parse files and extract data. The code appears legitimate but represents executable content.

INFO Normal installation network activity -5

During installation, the skill made expected HTTPS connections to the clawhub.ai registry and CDN endpoints.