Security audit

Flatnotes Note Service

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a Flatnotes API helper with expected note-management features, but its credential flow and user-control guidance for deletes and uploads are too unclear for automatic approval.

Review this before installing if your Flatnotes instance contains sensitive notes or files. Only use it with credentials you are comfortable granting to an agent, confirm deletes and uploads manually, and avoid giving it broad access to local files until the auth model and upload/delete safeguards are documented clearly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The documentation states Bearer Token authentication, while the skill metadata requires username and password environment variables. This mismatch can cause implementers or agents to use the wrong auth flow, mishandle sensitive credentials, or send secrets in unintended ways, increasing the chance of authentication failures or credential exposure.

Missing User Warnings

Medium
Confidence: 88%
Finding
The API docs describe create, update, delete, and upload operations without clearly warning that they modify or remove user data. In an agent skill context, omission of these consequences makes it easier for an automated system or user to invoke destructive actions without informed consent, leading to accidental data loss or unintended uploads.

Missing User Warnings

Medium
Confidence: 93%
Finding
The attachment upload endpoint is documented as a normal operation but does not warn that local file contents will be transmitted to the server. In an agent setting, this increases the risk of sensitive local or user-provided files being uploaded without adequate awareness, consent, or validation.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.