obsidian
Warn
Audited by Socket on May 17, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS. The core note-management capabilities are coherent with the stated Obsidian purpose, and data flow appears local-only. The main issue is install trust: the skill points to an older community-maintained CLI from a separate publisher while presenting official Obsidian docs as the homepage, creating a notable provenance mismatch. This is not confirmed malware, but it is a medium security risk due to third-party binary trust and branding/source inconsistency.
Confidence: 88%Severity: 62%
Audit Metadata