cc-obsidian

SUSPICIOUS. The core skill is mostly coherent and likely benign: installing same-project MCPVault from npm to connect Claude Code to an Obsidian vault matches its stated purpose. Risk rises because it grants broad read/write access to local notes and, in the advanced path, pulls in an unrelated third-party CLI/install ecosystem that expands trust and execution scope beyond the core integration.