obsidian-helper
Warn
Audited by Socket on Apr 12, 2026
1 alert found:
Security (MEDIUM): SKILL.md
SUSPICIOUS. The skill’s note-taking purpose is coherent, and its main API target is local Obsidian rather than an external gateway, but its install and credential model are not proportionate: it tells the agent/user to run an unpinned npm-fetched MCP package whose provenance was not clearly verified, then forwards the Obsidian API key to that package. The main risk is supply-chain compromise and credential forwarding to third-party code, not confirmed malware.
Confidence: 89%
Severity: 84%