70High
The skill defines attributes allowing arbitrary local file paths, posing
Behavior Analysis
Mismatch detected — The skill's description implies it can 'Create and edit JSON Canvas files', suggesting active functionality. However, the content is purely descriptive, providing a specification and guidelines for *how* such files are structured and *how* they *could be* manipulated, rather than containing any executable logic to perform these actions itself.
Claims to do
JSON Canvas Skill: A canvas file (`.canvas`) contains two top-level arrays following the [JSON Canvas Spec 1.0](https://jsoncanvas.org/spec/1.0/):
Actually does
This skill provides a detailed specification for the JSON Canvas file format (`.canvas`), outlining the structure of nodes and edges, required attributes, ID generation rules, and validation guidelines. It describes common workflows for creating, adding to, connecting, and editing these JSON files, including how to parse, manipulate, and write JSON data. It does not execute any commands, call external tools, or contact URLs; it serves as a reference for understanding and constructing `.canvas` files.
Skill Info
Namekepano/obsidian-skills/json-canvas
Registrygithub
Versionfa1e131a0145
PURLpkg:github/kepano/obsidian-skills@fa1e131a0145?skill=json-canvas
Stars24,265
Installs13,100
Source
SHA-25697d1ae072895...
SHA-1531d61d56f37...
MD56fdd02922d58...
TLSH3ff1b653df40...
ssdeep192:74K5CBsM...
Size7,624 bytes
Install
Assessments (2)
AI Agent Traps ↗Description Mismatchhighdescription mismatch
The skill's description implies it can 'Create and edit JSON Canvas files', suggesting active functionality. However, the content is purely descriptive, providing a specification and guidelines for *how* such files are structured and *how* they *could be* manipulated, rather than containing any executable logic to perform these actions itself.
85% confidence
The entire skill content is documentation (e.g., 'File Structure', 'Common Workflows', 'Nodes', 'Edges', 'Validation Checklist') without any code, API calls, or commands that would enable it to 'create' or 'edit' files.
Arbitrary local file path referencingmediumreconnaissance
The skill defines attributes (`file` for file nodes, `background` for group nodes) that allow specifying arbitrary local file paths. An agent could be prompted to create canvas files referencing sensitive system files, potentially leading to information disclosure or reconnaissance if the agent has file system access.
90% confidenceline 75
| `file` | Yes | string | Path to file within the system | ... | `background` | No | string | Path to background image |
Dependencies (1)
obsidian.claude-plugin/marketplace.jsonnot scanned
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/kepano/obsidian-skills/json-canvas)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/kepano/obsidian-skills/json-canvas"><img src="https://mondoo.com/ai-agent-security/api/badge/github/kepano/obsidian-skills/json-canvas.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/kepano/obsidian-skills/json-canvas.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow