Comment by Groxx

18 hours ago

Confirmed: https://obsidian.md/help/plugin-security#Plugin+capabilities

There is no sandboxing at all. Every plugin has full access to your computer.

Is there auto-updating of plug-ins?

Installing a plug-in and reviewing its code at that point is one thing. But if the plug-in can be updated without you knowing, then there’s little guarantee of security.

  • You can automatically check for updates but it's off by default, and still requires a manual click. Also the new plugin review system automatically scans every release.

Well damn, start the countdown till the inevitable exploit of this.

I’m thinking maybe 1 or 2 weeks from now…