ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Notes Skill / 笔记技能

v1.0.0

SQLite 笔记管理系统。由 AI agent(霜糖)代为管理和操作笔记。 触发场景: - 用户说"笔记..."、"记一下..."、"帮我记..."、"存一条笔记" - 用户说"找一下..."、"搜一下关于...的笔记" - 用户说"列出笔记"、"有哪些笔记" - 用户说"标记已整理"、"归档" - 用户说"备...

0· 65·1 current·1 all-time
by@cocoonovo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the behavior: a local SQLite-based note manager storing data under ~/.openclaw/workspace/notes. The requested capabilities (create, search, list, archive, backup) align with a notes skill. However, the SKILL.md instructs the agent to run scripts at ~/.agents/skills/notes-skill/scripts/*.py even though no install spec and no code files are provided in the package—this discrepancy reduces coherence.
Instruction Scope
Instructions stick to note management (optimize content, insert/search/update the DB, perform backups). They reference only local paths (~/.openclaw/... and ~/.agents/...), and do not instruct network exfiltration. Concern: the agent is told to run arbitrary local Python scripts (init.py, backup.py) whose contents are not present for review; also SQL examples are shown as literal INSERTs (no guidance on parameterized queries), which could lead to unsafe SQL construction if not handled carefully.
!
Install Mechanism
No install spec (instruction-only) is lowest-risk normally. But the skill expects scripts to exist at ~/.agents/skills/notes-skill/scripts/*.py and provides no mechanism to install or audit them. That absence means either (a) the platform provides these scripts out-of-band (should be documented), or (b) required code is missing—both are concerns because runtime behavior depends on unseen code.
Credentials
The skill requests no environment variables, no credentials, and uses only local file paths. This is proportionate to a local notes manager.
Persistence & Privilege
always:false and user-invocable:true (default) — no elevated persistence is requested. Scheduled backups are described as triggered by OpenClaw cron, which is appropriate for a backup feature.
What to consider before installing
Before installing or enabling: 1) Confirm where ~/.agents/skills/notes-skill/scripts/init.py and backup.py come from — inspect their source code. Do NOT run the skill if those scripts are not provided or you cannot review them. 2) Verify the scripts do not contact external endpoints or exfiltrate data and that they run with least privilege. 3) Check that database and backups are stored with appropriate filesystem permissions (restrict access to your user). 4) If the agent will execute SQL, ensure queries are parameterized (avoid building raw SQL with unescaped user input). 5) If you want stronger isolation, run the skill in a sandboxed account or container. 6) If the missing scripts are supposed to be installed by the platform, ask the publisher/platform for the install manifest and full script sources; missing runtime code is the main reason this skill is marked suspicious.

Like a lobster shell, security has layers — review code before you run it.

latestvk973fk03q1vn09pgw81f497r0x841v0bnotesvk973fk03q1vn09pgw81f497r0x841v0bopenclawvk973fk03q1vn09pgw81f497r0x841v0bsqlitevk973fk03q1vn09pgw81f497r0x841v0b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments