Obsidian Automation

SUSPICIOUS: The skill’s stated purpose is coherent and mostly local-note oriented, but it relies on an undeclared third-party MCP server with unclear provenance and broad potential vault access. There is no direct evidence of malware or credential theft, yet the unverifiable backend dependency creates a meaningful supply-chain and data-exposure risk disproportionate to the sparse installation and trust details.