obsidian

Warn

Audited by Socket on Jun 23, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core note-management capabilities are coherent with the stated Obsidian purpose, and data flow appears local-only. The main issue is install trust: the skill points to an older community-maintained CLI from a separate publisher while presenting official Obsidian docs as the homepage, creating a notable provenance mismatch. This is not confirmed malware, but it is a medium security risk due to third-party binary trust and branding/source inconsistency.

Confidence: 88%Severity: 62%
Audit Metadata
Analyzed At
Jun 23, 2026, 06:07 AM
Package URL
pkg:socket/skills-sh/storyclaw-official%2Fstoryclaw-assistant%2Fobsidian%2F@d0ef97e2164fbfc95572b24a019f70e4a233477e56a3c22f6525a440da13785f
Security Audit — socket — obsidian