alt Hacker NewsConfirmed: https://obsidian.md/help/plugin-security#Plugin+capabilities
There is no sandboxing at all. Every plugin has full access to your computer.
Replies
gitgud • yesterday at 9:16 PM
Well damn, start the countdown till the inevitable exploit of this.
I’m thinking maybe 1 or 2 weeks from now…
Is there auto-updating of plug-ins?
Installing a plug-in and reviewing its code at that point is one thing. But if the plug-in can be updated withut you knowing, then there’s little guarantee of security.