codex-obsidian

SUSPICIOUS: the core purpose is coherent with Obsidian integration, and the recommended folder-authorization path is low risk. Risk rises because the alternate/advanced paths rely on third-party npm/CLI components with unpinned remote execution and expanded trust, but there is no clear evidence of credential theft or intentionally malicious behavior.