ClawHub

Bookmark Keeper

Security checks across malware telemetry and agentic risk

Overview

This is a local command-line bookmark/productivity logger that stores user-entered text on the user’s machine, with no evidence of network exfiltration or destructive behavior.

Install only if you are comfortable with a local plain-text activity log. Do not store passwords, API keys, private personal notes, or sensitive business data in it, and periodically inspect or delete ~/.local/share/bookmark-keeper if you no longer want the saved history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The implemented command set does not match the advertised bookmark-management purpose and instead behaves like a generic personal activity logger. This mismatch is dangerous because users may trust the stated functionality and unknowingly provide data under false assumptions, increasing the chance of inappropriate collection and retention of personal information.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The add command accepts and stores arbitrary free-form input rather than validating or structuring bookmark data such as URL, title, tags, or category. That broad input capture expands the chance that sensitive notes, tokens, or unrelated personal data will be persisted locally without users realizing the true behavior.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The search function scans all activity logs, not a bounded bookmark dataset, so any previously stored arbitrary text can be redisclosed on demand. In the context of a supposedly bookmark-focused skill, this broad retrieval behavior increases privacy risk because unrelated sensitive entries may be surfaced unexpectedly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The export feature writes accumulated user content to plain files in multiple formats without strong disclosure, access controls, or data minimization. If the host is shared, backed up, or otherwise accessible, exported data can be read by other local users or accidentally propagated beyond the user's expectations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Multiple commands persist arbitrary user input to local log files indefinitely, but the interface does not clearly disclose that long-term storage is occurring. This is dangerous because users may enter sensitive research notes, credentials, or personal information believing they are issuing transient commands rather than creating a durable local record.

Ssd 3

Medium
Confidence
94% confidence
Finding
The script systematically records user-provided content and later exposes it through status, recent, search, and export functions in plain text. Even without network exfiltration, this creates a local data-leak surface because sensitive input becomes easily retrievable and redisclosable from persistent storage.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal