obsidian-second-brain
Audited by Socket on Jun 29, 2026
2 alerts found:
Anomalyx2SUSPICIOUS: the skill’s core capabilities fit its stated Obsidian/research purpose, and the cited install sources appear same-project and documented. However, it combines transitive skill installation, remote installer patterns, autonomous scheduled writes, and ingestion of untrusted web/social content with write/exec permissions, making it a medium-to-high security risk despite low evidence of deliberate malware.
No direct evidence of intentional malware is visible in this installer script alone (no hardcoded secrets, no exfiltration logic, no obfuscation, no overt backdoor). The dominant risk is high-impact supply-chain/persistence behavior: it downloads and executes code from remote GitHub repos (via npx/git), runs an upstream setup.sh, and registers a persistent jeo post-turn hook that later executes an adapter script from local filesystem paths. If upstream repos or local adapter files are compromised/tampered with, this script would enable execution with user privileges and persistence in jeo.