Notes Skill / 笔记技能

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local notes skill, with the main caution that broad trigger phrases could make note actions happen too easily.

Install this only if you want an agent to maintain a persistent local notes database. Use clear note-management commands, avoid storing highly sensitive information unless you trust the local environment, and confirm before listing, searching, archiving, or backing up notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 93%
Finding: The trigger phrases are broad enough that ordinary conversation about notes or archiving could unintentionally invoke the skill, causing unintended note creation, searches, or archive actions. In an agent setting, overly permissive triggers can turn benign user text into state-changing operations on persistent data without clear confirmation.

Vague Triggers

Medium
Confidence: 95%
Finding: The skill explicitly says that any note-related scenario should check this skill, which creates an overly broad activation surface. In an agent environment, vague triggers can cause unintended invocation, leading to unauthorized note reads, writes, archival actions, or backups during ordinary conversation that merely mentions notes.

Vague Triggers

Medium
Confidence: 92%
Finding: Several trigger phrases are common conversational expressions and can match benign dialogue too broadly. Because this skill operates on persistent local data in a SQLite database, accidental activation could expose stored notes or modify them without sufficiently explicit user consent.

Session Persistence

Medium
Category: Rogue Agent
Content
### Features

- **Create notes** — Quick note-taking with automatic timestamp
- **Search notes** — Full-text search across all notes
- **List notes** — View all notes with archiving status
- **Archive notes** — Mark notes as organized/archived
Confidence: 85%
Finding: Create notes** — Quick note-taking with automatic timestamp - **Search notes** — Full-text search across all notes - **List notes** — View all notes with archiving status - **Archive notes** — Mark no

VirusTotal

65/65 vendors flagged this skill as clean.
