Build a Security Engineer’s Second Brain with Karpathy’s LLM Wiki: A Practical Guide

This article shows security engineers how to replace traditional RAG pipelines with Karpathy’s LLM‑Wiki mode, using Obsidian and Claude Code to ingest reports, CVE notices, and logs, then query the accumulated knowledge with simple commands.

Black & White Path

Knowledge Management Challenges for Security Engineers

Researching a CVE often opens dozens of browser tabs; notes are lost after a week. Documentation is scattered across multiple projects, making retrieval difficult. Similar attack patterns are repeatedly solved from scratch, consuming time. Existing knowledge‑base tools require vector databases, RAG pipelines, or complex configuration.

Karpathy’s LLM‑Wiki Mode

The mode reads relevant Wiki pages directly at query time, eliminating the need for RAG. Benefits for security engineers: adding notes requires no complex setup, searching saved information is straightforward, and notes are accessible from any location.

Typical Use Cases

Extract IoCs, attack patterns, and remediation steps directly from penetration‑test reports and CVE announcements.

Query incident timelines and root‑cause analyses months later without digging through Slack.

Tag exploitation techniques in bug‑bounty write‑ups by technology type.

Find a single command from a week‑old terminal history via indexed logs.

Run one query to retrieve information across all past projects.

Prerequisites

Obsidian (any recent version).

Optional: Defuddle for more accurate web‑content extraction.

Full Configuration Guide

Step 1: Clone and Install

git clone https://github.com/Ar9av/obsidian-wiki.git
cd obsidian-wiki
bash setup.sh

Step 2: Configure the Vault

cp .env.example .env
mkdir ~/llm-wiki

Edit .env and replace the placeholder in OBSIDIAN_VAULT_PATH=/path/to/your/llm-wiki with the actual path of the vault directory.

Step 3: Initialise the Wiki

In the repository directory, open Claude Code and issue the prompt:

Set up my wiki

The command creates an index page, category folders, and cross‑link templates.

Step 4: Link Skills Globally

# ln -s fails if the target directory does not exist yet
mkdir -p ~/.claude/skills
ln -s "$PWD/.skills/wiki-ingest" ~/.claude/skills/wiki-ingest
ln -s "$PWD/.skills/ingest-url" ~/.claude/skills/ingest-url
ln -s "$PWD/.skills/wiki-query" ~/.claude/skills/wiki-query
ln -s "$PWD/.skills/daily-update" ~/.claude/skills/daily-update

Without these symbolic links the skills are usable only inside the obsidian-wiki folder.
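A check for the result of Steps 2 and 4, added here as an example and not part of obsidian-wiki: it confirms that .env no longer carries the placeholder vault path and that each global skill link resolves into the repository that was cloned, since anything under ~/.claude/skills is loaded as agent instructions. The function names and status words are hypothetical, and the script assumes each skill is a directory.

```shell
#!/bin/sh
# Added example, not part of obsidian-wiki. Function names are hypothetical.
# Usage, from the cloned repository:
#   check_vault_path .env
#   check_skill_links "$PWD" "$HOME/.claude/skills"

# check_vault_path ENV_FILE: returns 0 only if OBSIDIAN_VAULT_PATH is set,
# is not the placeholder from Step 2, and names an existing directory.
check_vault_path() {
    env_file=$1
    vault=$(sed -n 's/^OBSIDIAN_VAULT_PATH=//p' "$env_file" 2>/dev/null |
        tail -n 1 | sed 's/^"\(.*\)"$/\1/')
    case $vault in
        '') echo "UNSET       OBSIDIAN_VAULT_PATH"; return 1 ;;
        /path/to/your/llm-wiki) echo "PLACEHOLDER $vault"; return 1 ;;
    esac
    if [ -d "$vault" ]; then
        echo "OK          $vault"
    else
        echo "NODIR       $vault"; return 1
    fi
}

# check_skill_links REPO_DIR SKILLS_DIR: one status line per skill from
# Step 4; the return value is the number of links that need attention.
# Assumes each skill is a directory under REPO_DIR/.skills.
check_skill_links() {
    repo=$1
    skills_dir=$2
    problems=0
    for skill in wiki-ingest ingest-url wiki-query daily-update; do
        link="$skills_dir/$skill"
        want="$repo/.skills/$skill"
        if [ ! -L "$link" ]; then
            echo "MISSING  $link"; problems=$((problems + 1))
        elif [ ! -e "$link" ]; then
            echo "DANGLING $link -> $(readlink "$link")"
            problems=$((problems + 1))
        elif [ "$(cd "$link" 2>/dev/null && pwd -P)" != \
               "$(cd "$want" 2>/dev/null && pwd -P)" ]; then
            # Resolves, but to a directory outside the cloned repository.
            echo "FOREIGN  $link -> $(readlink "$link")"
            problems=$((problems + 1))
        else
            echo "OK       $link"
        fi
    done
    return "$problems"
}
```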

Core Skills

Universal Ingest – command /wiki-ingest "<prompt>". Accepts any document, distils knowledge into a Wiki page, and creates cross‑links.

URL Ingest – command /ingest-url <url>. Fetches an article, security advisory, or write‑up and adds it to the Wiki.

Full‑Text Query – command /wiki-query "<question>". Answers questions using all ingested content.

Daily Update – command /daily-update. Performs freshness checks, cross‑link updates, and index refreshes.

Demo: Ingest Operations

Ingest a CVE announcement from a web page

/ingest-url https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

The skill fetches the page, extracts vulnerability details, affected versions, and remediation steps, then creates linked Wiki entries for the CVE, attack technique, and related terms.

Ingest a PDF incident report

/wiki-ingest "@Bybit Incident Investigation - Preliminary Report v1.0.pdf"

The skill parses the PDF, extracts the incident timeline, root cause, and attack chain, and creates separate Wiki pages for each element.

Add inline knowledge without a file

/wiki-ingest Create a note about production-web-01 server. It's at 10.0.1.50, runs Ubuntu 22.04, owned by the Platform team, admin contact is [email protected], and it hosts the customer portal

The input is formatted into a front‑matter Wiki page with relevant links.

Demo: Query Operations

Query CVE details

/wiki-query What do I know about the GitHub RCE vulnerability?

Response includes the CVE identifier, affected versions, attack vector, and remediation steps extracted from the previously ingested data.

Query IoCs from an incident

/wiki-query get the ioc from bybit incident

Answer lists the attack chain, leaked keys, and timeline extracted from the PDF ingestion.

Query service owner and infrastructure mapping

/wiki-query Show me service owner and infrastructure mapping of production-web-01

Result shows server name, IP address, owning team, and administrator contact added via the inline note.

Further Optimisations

QMD Semantic Search – overlay semantic search on the Wiki when the vault exceeds 200 pages.

MarkItDown PDF Processing – superior to Microsoft’s default PDF extractor for tables and formatted content.

Graph Colourise – colour‑code the Obsidian graph view by category; activate with /graph-colorize.

Any tool can be swapped or adjusted; the system is pure Markdown with no vendor lock‑in.
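Because the vault is plain Markdown, an answer from /wiki-query can be traced back to the pages it came from with standard tools. The script below is an added example, not part of obsidian-wiki: it lists every CVE ID and IPv4 address in the vault with the page that contains it. The function names and the sample vault are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of obsidian-wiki. Function names are hypothetical.
# vault_indicators VAULT_DIR
#   Prints TYPE<TAB>VALUE<TAB>FILE for each CVE ID and IPv4 address in the
#   vault's Markdown pages, sorted and de-duplicated. Paths containing ':'
#   are not handled (grep's file:match output is split on ':').
vault_indicators() {
    vault_dir=$1
    {
        find "$vault_dir" -type f -name '*.md' \
            -exec grep -EoiH 'CVE-[0-9]{4}-[0-9]{4,}' {} + |
            awk -F: '{ print "cve\t" toupper($NF) "\t" $1 }'
        find "$vault_dir" -type f -name '*.md' \
            -exec grep -EowH '([0-9]{1,3}\.){3}[0-9]{1,3}' {} + |
            awk -F: '{
                # Drop dotted version strings whose parts exceed one octet.
                n = split($NF, octet, ".")
                for (i = 1; i <= n; i++) if (octet[i] > 255) next
                print "ipv4\t" $NF "\t" $1
            }'
    } | sort -u
}

# make_sample_vault: builds a small CONSTRUCTED vault and prints its path.
make_sample_vault() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/hosts" "$dir/cves" "$dir/.obsidian"
    printf '%s\n' '---' 'title: production-web-01' '---' \
        'Address 10.0.1.50, Ubuntu 22.04, owner: Platform team.' \
        > "$dir/hosts/production-web-01.md"
    printf '%s\n' 'Source slug: github-rce-vulnerability-cve-2026-3854' \
        'Build 999.1.1.1 is a version string, not an address.' \
        > "$dir/cves/github-rce.md"
    # Obsidian's own settings are JSON, not wiki pages, and are skipped.
    printf '%s\n' '{"note": "10.9.9.9 in app config, not a wiki page"}' \
        > "$dir/.obsidian/app.json"
    printf '%s\n' "$dir"
}
```

Run `vault_indicators "$(make_sample_vault)"` to see the output format, then point the function at the real vault directory.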

Conclusion

Adding knowledge to a personal “second brain” requires only a command or a file drop. No RAG pipelines, vector databases, or complex configuration are needed—just ingest and query, and the knowledge base grows with each use.
