Skip to content
ai-supply.store
ExplorarCategoriasClassificaçõesComunidadeAgent APIFAQ
EntrarCadastre-se grátis
catalog / Language & NLP / Text Generator for Obsidian
⊕PluginLanguage & NLPFree

Text Generator for Obsidian

Obsidian plugin that generates note content via OpenAI, Anthropic, Google, and local models.

@ai-supply
Instalações27k
↗ Repositório fonte
← More Language & NLPLanguage & NLP leaderboard →How we grade security →Source ↗

Text Generator for Obsidian

A popular Obsidian plugin for generating text content inside your notes using a range of AI providers (OpenAI, Anthropic, Google, and local models).

It is built around reusable templates and context drawn from your vault, letting you draft, summarize, brainstorm, and expand notes without leaving Obsidian.

MIT licensed; a good fit for writers and researchers who want an AI writing assistant embedded in their knowledge base.

Rating rank
#1
of 30 in Language & NLP
Install rank
#21
of 30 in Language & NLP
Security score
58/100 · D
review
Security rank
#20
of 30 in Language & NLP
Installs
27k
cat avg 145k
This listing vs category average
Installs
this
cat avg
Security (of 100)
this
cat avg
Adoption trend
See the Language & NLP leaderboard →
! Security: Review · 5858/100 · grade Dscanned 15h ago
⚠ 1 compromise signal15 risk-surface · 7/20 OWASP controls flagged

Compromise signals — malicious or tampered code (leaked secrets, backdoors, a dropped executable) — reduce the score, and known dependency CVEs carry a bounded penalty (they warrant review but never QUARANTINE — update the dependency to clear). Other dangerous-by-capability traits are risk surface, expected for some capabilities. Every finding is mapped to its OWASP control below.

What this capability can do · low confidence (static)
egress → www.buymeacoffee.com, bit.ly, discord.gg, img.shields.io, twitter.com, img.youtube.com, www.youtube.com, contrib.rocks

Findings mapped to the OWASP Top 10 for LLM Applications (2025) and the OWASP Machine Learning Security Top 10. Expand any flagged control for the exact findings — compromise reduces the score; expected/risk-surface do not.

OWASP Top 10 for LLM Applications
⚠LLM02Sensitive Information Disclosurecompromise · high
Secrets, credentials or PII shipped inside the artifact.
•Verified secret leak (deep scan) — 12 leak(s): generic-api-key (CWE-798)compromise
⚠LLM07System Prompt Leakagecompromise · high
Secrets, internal hosts or proprietary logic exposed in shipped prompts.
•Verified secret leak (deep scan) — 12 leak(s): generic-api-key (CWE-798)compromise
⚠LLM03Supply Chainmedium
Vulnerable/compromised dependencies, models or archives in the artifact.
•Dependency manifest — 117 npm dependencies declared · nhaouari-obsidian-textgenerator-plugin-c83ecbd/package.jsonrisk surface
•Non-registry dependency source — 1 dependency/ies pulled from git/URL/file · nhaouari-obsidian-textgenerator-plugin-c83ecbd/package.json (CWE-829)risk surface
⚠LLM05Improper Output Handlingmedium
Code that pipes model/user output into shell, eval, SQL or paths unsafely.
•Suspicious code patterns — child_process exec; dynamic code execution · nhaouari-obsidian-textgenerator-plugin-c83ecbd/esbuild.config.mjs (CWE-78)risk surface
•Path traversal sequences — '../' present in content or name · nhaouari-obsidian-textgenerator-plugin-c83ecbd/scripts/analyze-bundle.mjs (CWE-22)risk surface
•Suspicious code patterns — child_process exec · nhaouari-obsidian-textgenerator-plugin-c83ecbd/scripts/remove-tag.js (CWE-78)risk surface
•Suspicious code patterns — dynamic code execution · nhaouari-obsidian-textgenerator-plugin-c83ecbd/src/helpers/javascript-sandbox.ts (CWE-95)risk surface
⚠LLM06Excessive Agencylow
Over-broad tool/permission surface or unrestricted egress.
•External endpoints declared — 1 distinct host(s) · nhaouari-obsidian-textgenerator-plugin-c83ecbd/.github/FUNDING.ymlrisk surface
•Broad capability surface — 3 high-impact capability categories referenced — verify least-privilege · nhaouari-obsidian-textgenerator-plugin-c83ecbd/.github/workflows/release.yml (CWE-272)risk surface
•External endpoints declared — 8 distinct host(s) · nhaouari-obsidian-textgenerator-plugin-c83ecbd/README.mdrisk surface
•External endpoints declared — 2 distinct host(s) · nhaouari-obsidian-textgenerator-plugin-c83ecbd/manifest-beta.jsonrisk surface
•External endpoints declared — 4 distinct host(s) · nhaouari-obsidian-textgenerator-plugin-c83ecbd/src/LLMProviders/langchain/azureOpenAIChat.tsxrisk surface
•External endpoints declared — 3 distinct host(s) · nhaouari-obsidian-textgenerator-plugin-c83ecbd/src/LLMProviders/langchain/mistralaiChat.tsxrisk surface
§LLM09MisinformationGovernance
Artifacts designed to produce false/deceptive output.
Detectable only by runtime behavioral evaluation; addressed via responsible-use attestation.
◷LLM10Unbounded ConsumptionRuntime-enforced
Unbounded loops/recursion causing DoS or runaway cost.
Enforced at runtime by the gateway (rate limits + spend caps + size caps); static check flags unbounded loops.
✓LLM01Prompt InjectionPassed
✓LLM04Data and Model PoisoningPassed
Backdoors/poisoning in training data or serialized models.
Behavioral poisoning needs model execution; static check covers unsafe serialization + dataset skew only.
✓LLM08Vector and Embedding WeaknessesPassed
PII or plaintext source leakage in embedding/vector exports.
Embedding inversion/poisoning is largely runtime; static check covers PII in vector exports.
OWASP Machine Learning Security Top 10
⚠ML06AI Supply Chainmedium
Compromised PyPI/npm packages, typosquats, unsafe serialized models.
•Dependency manifest — 117 npm dependencies declared · nhaouari-obsidian-textgenerator-plugin-c83ecbd/package.jsonrisk surface
•Non-registry dependency source — 1 dependency/ies pulled from git/URL/file · nhaouari-obsidian-textgenerator-plugin-c83ecbd/package.json (CWE-829)risk surface
⚠ML09Output Integritymedium
Middleware tampering with model outputs in transit.
Gateway enforces TLS + response integrity; static check flags output-rewriting code.
•Suspicious code patterns — child_process exec; dynamic code execution · nhaouari-obsidian-textgenerator-plugin-c83ecbd/esbuild.config.mjs (CWE-78)risk surface
•Path traversal sequences — '../' present in content or name · nhaouari-obsidian-textgenerator-plugin-c83ecbd/scripts/analyze-bundle.mjs (CWE-22)risk surface
•Suspicious code patterns — child_process exec · nhaouari-obsidian-textgenerator-plugin-c83ecbd/scripts/remove-tag.js (CWE-78)risk surface
•Suspicious code patterns — dynamic code execution · nhaouari-obsidian-textgenerator-plugin-c83ecbd/src/helpers/javascript-sandbox.ts (CWE-95)risk surface
§ML01Input Manipulation (Adversarial)Governance
Models vulnerable to adversarial perturbations.
Requires runtime robustness evaluation; addressed via publisher robustness attestation.
§ML03Model InversionGovernance
Training data reconstructable from a model's outputs.
Runtime/evaluation property; addressed via model-card data-provenance + DP attestation.
§ML04Membership InferenceGovernance
Determining whether a record was in the training set.
Runtime/evaluation property; addressed via overfitting disclosure + DP attestation.
§ML08Model SkewingGovernance
Models trained on skewed data producing biased output.
Requires fairness evaluation; addressed via model-card bias/limitations disclosure.
✓ML02Data PoisoningPassed
Poisoned training datasets with triggers or anomalous distributions.
Static check covers trigger phrasing, PII and label skew; full poisoning detection is runtime.
✓ML05Model TheftPassed
Unlicensed re-distribution / license-incompatible derivatives.
Static check verifies license declaration; extraction throttling is runtime.
✓ML07Transfer Learning AttackPassed
Backdoored base models / LoRA adapters propagating to derivatives.
Backdoor detection needs behavioral probing; static check covers unsafe serialization + provenance.
✓ML10Model Poisoning (Weights)Passed
Tampered model weight files; integrity must be verifiable.
Static check enforces safe formats + records a content hash for downstream verification.
Other findings (14) · hygiene / uncategorized
•Unrecognized file type — '.editorconfig' is not on the allowlist · nhaouari-obsidian-textgenerator-plugin-c83ecbd/.editorconfigrisk surface
•Unrecognized file type — '.eslintignore' is not on the allowlist · nhaouari-obsidian-textgenerator-plugin-c83ecbd/.eslintignorerisk surface
•Unrecognized file type — '.eslintrc' is not on the allowlist · nhaouari-obsidian-textgenerator-plugin-c83ecbd/.eslintrcrisk surface
•Unrecognized file type — '.gitignore' is not on the allowlist · nhaouari-obsidian-textgenerator-plugin-c83ecbd/.gitignorerisk surface
•Unrecognized file type — '.npmrc' is not on the allowlist · nhaouari-obsidian-textgenerator-plugin-c83ecbd/.npmrcrisk surface
•Unrecognized file type — '.prettierignore' is not on the allowlist · nhaouari-obsidian-textgenerator-plugin-c83ecbd/.prettierignorerisk surface
•Unrecognized file type — '.prettierrc' is not on the allowlist · nhaouari-obsidian-textgenerator-plugin-c83ecbd/.prettierrcrisk surface
•Unrecognized file type — '.?' is not on the allowlist · nhaouari-obsidian-textgenerator-plugin-c83ecbd/LICENSErisk surface
•Suspicious network references — URL shortener (16 URLs) · nhaouari-obsidian-textgenerator-plugin-c83ecbd/README.mdrisk surface
•Possible obfuscation — very long lines · nhaouari-obsidian-textgenerator-plugin-c83ecbd/assets/tiktoken/encoders/p50k_base.jsonrisk surface
•Unrecognized file type — '.mjs' is not on the allowlist · nhaouari-obsidian-textgenerator-plugin-c83ecbd/esbuild.config.mjsrisk surface
•Suspicious network references — suspicious TLD (4 URLs) · nhaouari-obsidian-textgenerator-plugin-c83ecbd/src/LLMProviders/langchain/togetherChat.tsxrisk surface
•Suspicious network references — suspicious TLD (5 URLs) · nhaouari-obsidian-textgenerator-plugin-c83ecbd/src/lib/live-plugin-manager/GithubRegistryClient.tsrisk surface
•Suspicious network references — URL shortener (5 URLs) · nhaouari-obsidian-textgenerator-plugin-c83ecbd/src/ui/settings/sections/index.tsxrisk surface
✔ verified source · pinned nhaouari-obsidian-textgenerator-plugin-c83ecbd
Check against a policy

The same gate an agent runs before installing (POST /api/v1/trust/obsidian-text-generator/check). Click a policy:

Consume Text Generator for Obsidian programmatically. Authenticate with an API key or session — see Authorize an agent.

# Agents: CHECK BEFORE YOU INSTALL (no auth) — score, grade, level, capability manifest
curl https://ai-supply.store/api/v1/trust/obsidian-text-generator

# Gate against your org policy (returns { pass, violations })
curl -X POST https://ai-supply.store/api/v1/trust/obsidian-text-generator/check \
  -H "Content-Type: application/json" \
  -d '{"minGrade":"B","denyPermissions":["shell"],"denyUnknownEgress":true}'

# CLI
npx ai-supply add obsidian-text-generator

# REST (install → download)
curl -X POST https://ai-supply.store/api/v1/listings/obsidian-text-generator/install \
  -H "Authorization: Bearer $AIM_KEY"

# MCP tool
install_listing({ "slug": "obsidian-text-generator" })
OpenAPI spec →
vlatest
! Security: Review · 5817h ago

Curated mirror — latest upstream source. See the repository for tagged releases.

Sign in and install this listing to leave a review.

More from @ai-supply

View profile →
◉Agent
MetaGPT
Multi-agent framework that assigns GPT roles (PM, engineer, QA) to solve complex software tasks end-to-end.
↓ 1.0M
⇄Connector
vLLM
High-throughput, memory-efficient LLM inference engine with PagedAttention and continuous batching.
↓ 892k
⇄Connector
Meilisearch
Lightning-fast open-source search engine with typo-tolerance, semantic hybrid search, and sub-50ms response times.
↓ 811k
△Eval
Weights & Biases (wandb)
ML experiment tracking and visualization — log metrics, hyperparameters, models, and media in real time.
↓ 784k
ai-supply.store

Recursos de IA gratuitos e com segurança verificada — skills, MCPs, plugins, agents, datasets e muito mais, cada um com nota e acompanhamento de atualização, feitos tanto para pessoas quanto para agents.

api · v3.1status · all green
Contato
support@ai-supply.storesecurity@ai-supply.store
Catálogo
  • Explorar
  • Categorias
  • Classificações
  • Benchmarks
  • Segurança
Comunidade
  • Comunidade
  • FAQ
Para agentes
  • Início rápido (60s)
  • Autorizar um agente
  • Agent API
  • Especificação OpenAPI
Para desenvolvedores
  • Publicar
  • Painel
Conta
  • Criar conta
  • Entrar
  • Configurações
Legal
  • Termos
  • Acordo de editor
  • Uso aceitável
  • Privacidade