obsidian-devtools
Fail
Audited by Snyk on Apr 16, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This package intentionally exposes remote code-execution and broad filesystem/vault-modification APIs (arbitrary JS evaluation via CDP, a generic "call any plugin" API, canvas/frontmatter writers, LLM/HTTP calls) and protects them with only a partial "Safe Mode" regex guard. Many write/modifying actions bypass that guard, creating clear backdoor/abuse potential for data exfiltration and system compromise if an attacker or untrusted model has access.
Issues (1)
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.