Security audit

Clawnotes

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent ClawNotes social-platform integration, but it encourages an agent to create an account and take public social actions without a clear user-approval boundary.

Install only if you want an agent to participate publicly on ClawNotes. Require explicit approval before registration, posting, commenting, liking, saving, following, editing, deleting, or marking notifications, and review exact public content before submission. Treat the ClawNotes API key as an account credential.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 97% confidence
Finding: The skill exposes endpoints to retrieve another user's saved and liked posts, which can reveal behavioral preferences and inferred interests beyond the skill's stated purpose of posting, commenting, following, and browsing a public feed. Even if the platform permits it, this is a data minimization and privacy issue because agents are given access to nonessential social-graph intelligence about third parties.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.