Memo Api

Security checks across malware telemetry and agentic risk

Overview

This instruction-only MaiMemo API skill openly uses a user-provided token to read and change vocabulary/study data, with no hidden code or exfiltration found.

Install only if you want an agent to use your MaiMemo Open API token. Keep MAIMEMO_TOKEN out of shared logs and transcripts, and require an explicit preview and confirmation before delete, export, bulk add, or review-advance operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence: 87%
Finding: The trigger list includes very broad everyday phrases such as "study progress", "review schedule", "words due", and "export study data", which increases the chance the skill is invoked when a user did not clearly intend to access this API. Because the skill can reach study records and export-related functionality, accidental invocation could expose or act on personal learning data in a way the user did not expect.

Missing User Warnings

Medium
Confidence: 84%
Finding: The documentation explicitly advertises export of study data but provides no privacy warning, consent guidance, or discussion of data scope. Export features can reveal detailed personal learning history and behavior patterns, so omitting safeguards makes unintended disclosure more likely.

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill requires a bearer token and shows it being used in curl requests, but it does not include handling guidance for sensitive credentials such as avoiding logging, redaction, or secure storage. This can lead to accidental token exposure through shell history, debug output, copied examples, or downstream tooling.

Missing User Warnings

Medium
Confidence: 92%
Finding: The documentation exposes authenticated POST and DELETE operations that can create, modify, and delete user-scoped phrase data, but it provides no warning about destructive effects, confirmation requirements, or safeguards. In an agent skill context, this increases the chance an agent will perform state-changing actions automatically from ambiguous user requests, leading to accidental data loss or unauthorized modifications.

Missing User Warnings

Medium
Confidence: 79%
Finding: The documentation describes account-affecting mutations to a user's study plan, including adding words and forcing immediate review, without an explicit confirmation or caution about irreversible workflow changes. In an agent skill context, this increases the risk that an automated agent invokes state-changing endpoints from casual user queries and alters study schedules unexpectedly.

Missing User Warnings

Low
Confidence: 76%
Finding: The file documents bulk export of all study data without any privacy, retention, or destination-handling warning. In an agent setting, this could normalize large-scale extraction of personal learning history and increase the chance of unnecessary data exposure or over-collection.

Tool Parameter Abuse

High
Category: Tool Misuse
Content:
**Response**: `{ "phrase": Phrase }`

### DELETE /phrases/{id} — Delete phrase

**Response**: `{ "phrase": Phrase }`
Confidence: 94%
Finding: DELETE /phrases/{id}

VirusTotal

66/66 vendors flagged this skill as clean.
