Nb
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: nb Version: 1.0.2 The skill bundle is benign. It provides comprehensive documentation for interacting with the `nb` command-line note-taking tool. All commands and instructions in `SKILL.md` are directly related to managing notes, bookmarks, and notebooks, including Git operations for versioning. While the `nb` tool inherently involves file system access (to `~/.nb/`) and network access (for `nb sync` Git operations), and allows arbitrary Git commands via `nb git <command>`, these are core functionalities of the `nb` tool itself and are not presented with any malicious intent or instructions for the AI agent to misuse them. There is no evidence of data exfiltration, malicious execution, persistence, prompt injection attempts against the agent, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent or user following these commands could overwrite notes, delete notes without a prompt, or make Git changes inside notebooks.
The command reference includes destructive note operations and broad Git access. These are purpose-aligned for a note manager, but they can modify or remove real notebook data if used without explicit intent.
# Overwrite content nb edit <id> -c "Replace all" --overwrite # Force delete without prompt nb delete <id> -f # Run any git command nb git status
Confirm the target notebook and note ID/title before overwrite, delete, move, sync, or raw Git commands; keep backups for important notebooks.
Following the manual copy-and-commit pattern could affect nb indexing or repository history if done incorrectly.
The skill warns not to edit nb repositories by hand, but later shows a direct file-copy and manual Git commit workflow. It is scoped to nb data, but could bypass normal CLI safeguards or confuse users.
> ⚠️ **IMPORTANT:** Never edit files in nb git repos (`~/.nb/*`) by hand! cp /tmp/note.md ~/.nb/<notebook>/ cd ~/.nb/<notebook> && git add . && git commit -m "Add note"
Prefer nb CLI import/add commands when possible, and use direct repository manipulation only if you understand nb indexing and Git recovery.
A mistaken local change could be pushed to a remote notebook repository and affect other devices or collaborators.
Remote sync is disclosed and purpose-aligned, but changes or deletions in a notebook can be propagated to configured remote repositories.
# Sync with remote nb sync 5. Use `nb sync` to push/pull from remote repos
Review notebook status before syncing, especially after deletes, moves, or bulk edits.
Private notes, bookmarks, todos, or archived content may be brought into the agent session when searched or shown.
The skill manages persistent local notes and can search across notebooks. This is central to the purpose, but notebook contents may include private or sensitive information.
Notes are stored in `~/.nb/<notebook>/` as markdown files with Git versioning. # Search everything nb search "term" --all
Use this skill only with notebooks you are comfortable letting the agent inspect or modify, and avoid broad searches when notebooks contain sensitive material.