Note Taker

Security checks across malware telemetry and agentic risk

Overview

This is a locally run note/task helper with confusing packaging, but the reviewed artifacts do not show hidden, networked, privileged, destructive, or credential-seeking behavior.

Install only if you are comfortable with a mixed note-template and task-list package. Avoid storing secrets or highly sensitive notes in the task script because it keeps local data and command history until you delete them, and confirm which script your installed command runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill metadata and title present this as a note-taking assistant, but the documented behavior is a persistent task manager that stores data locally, tracks history, exports data, and manages reminders and priorities. This mismatch is dangerous because users, reviewers, or policy systems may grant permissions or trust assumptions appropriate for note formatting while the skill actually handles broader stateful task-management functions and data persistence.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest advertises note-taking and note-organization, while the body documents a to-do and planning tool with reminders, priorities, weekly views, and persistent logs. Security-wise, this is an integrity and transparency problem: downstream tooling or users may approve the skill under one capability profile while it operates under another, increasing the chance of unintended data collection, storage, or use.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The file title and manifest claim a note-taking skill, but the embedded documentation immediately reframes it as a productivity and task-management tool. While not an exploit by itself, this contradiction weakens trust boundaries and can conceal the real operational scope of the skill, especially because it persists data and command history.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill metadata says this is a note-taking assistant for Cornell notes, Zettelkasten, mind maps, meeting notes, and lecture notes, but the script actually implements a generic todo/task manager. This kind of capability mismatch is dangerous because users and orchestrators may grant trust, permissions, or invoke the skill under false assumptions, resulting in deceptive behavior and unintended data handling.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The inline help and comments describe the tool as a productivity and task management utility, directly contradicting the manifest's note-taking description. Conflicting declarations increase supply-chain and agent-integration risk because reviewers or automated systems may rely on one description while the code behaves according to another.

VirusTotal

38/38 vendors flagged this skill as clean.
