obsidian-vault
Warn
Audited by Socket on Apr 2, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS: The skill’s capabilities mostly match its stated purpose of managing an Obsidian vault, and data stays local rather than flowing to external services. The main issue is a plaintext embedded API key plus broad vault read/write/delete access and filesystem fallback, which creates meaningful credential-exposure and privacy risk even without signs of malware or external exfiltration.
Confidence: 92%
Severity: 68%