How does this skill help protect Obsidian vault data?

It implements strict path traversal checks to prevent plugins from accessing files outside their scope and ensures that any data leaving the vault is explicitly authorized by the user.

Is this skill aligned with official Obsidian guidelines?

Yes, the patterns are designed to follow Obsidian's official plugin development security recommendations and industry-standard OWASP principles.

Can I use this for plugins that require private API keys?

Yes, it includes specific patterns for building secure settings tabs that mask sensitive inputs and ensure credentials are never hardcoded or leaked in debug logs.

Does it provide protection against Cross-Site Scripting (XSS)?

The skill provides guidance on sanitizing HTML content and implementing secure Content Security Policies (CSP) for custom views and iframes within Obsidian.

Does it handle secure logging?

It includes a utility for redacting sensitive keys like 'password', 'token', and 'apiKey' from objects before they are passed to console logs or error reports.

Obsidian Plugin Security Basics

Name: Obsidian Plugin Security Basics
Author: jeremylongshore

byjeremylongshore

•

1,243

•

보안 및 테스팅

Implements industry-standard security practices and data protection patterns for Obsidian plugin development.

This skill provides a comprehensive framework for building secure Obsidian plugins, focusing on protecting user vault data and sensitive information. It guides developers through implementing secure settings storage for API keys, robust input validation to prevent path traversal and XSS, and safe HTTP communication patterns. By using this skill, developers can ensure their plugins adhere to privacy-first principles, handle external data sharing with user consent, and avoid common security pitfalls like hardcoded secrets or excessive logging of sensitive data.

주요 기능

01Permission-based workflows for explicit user consent during data sharing

02Secure settings storage with masked API key inputs and UI toggles

03Sensitive data redaction patterns for secure error logging and auditing

04Robust input validation for path traversal, URL sanitization, and HTML safety

051,243 GitHub stars

06Safe HTTP client implementation using Obsidian's internal request modules

사용 사례

01Developing an Obsidian plugin that integrates with a 3rd-party API using a secret token

02Implementing user consent prompts before transmitting vault contents to external services

03Validating file paths when programmatically creating or modifying files within a user's vault

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills obsidian-security-basics

For use in Claude.ai and ChatGPT

Download Skill

주요 기능

01Permission-based workflows for explicit user consent during data sharing

02Secure settings storage with masked API key inputs and UI toggles

03Sensitive data redaction patterns for secure error logging and auditing

04Robust input validation for path traversal, URL sanitization, and HTML safety

051,243 GitHub stars

06Safe HTTP client implementation using Obsidian's internal request modules

사용 사례

01Developing an Obsidian plugin that integrates with a 3rd-party API using a secret token

02Implementing user consent prompts before transmitting vault contents to external services

03Validating file paths when programmatically creating or modifying files within a user's vault

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills obsidian-security-basics

For use in Claude.ai and ChatGPT

Download Skill