ClawHub

Capacities

Security checks across malware telemetry and agentic risk

Overview

This is a small, instruction-only Capacities API helper whose account access and network calls match its stated note-management purpose.

Install only if you are comfortable giving the agent a Capacities API token and having note text, URLs, search terms, and space metadata sent to Capacities. Set CAPACITIES_SPACE_ID when using multiple spaces, review content before saving, and avoid sending secrets or highly sensitive material unless you intend it to be stored in Capacities.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documentation instructs sending user-provided note text, URLs, and search terms to a third-party API but does not warn that this data leaves the local environment and may contain sensitive personal knowledge-base content. In a note-management skill, this omission can lead users or downstream agents to transmit private information without informed consent or minimization.

External Transmission

Medium
Category
Data Exfiltration
Content
### Daily Notes
To add a thought, task, or note to today's daily note:
`curl -X POST https://api.capacities.io/save-to-daily-note -H "Authorization: Bearer $CAPACITIES_API_TOKEN" -H "Content-Type: application/json" -d '{"spaceId": "$CAPACITIES_SPACE_ID", "mdText": "Your note here"}'`

### Web Links
To save a URL to your space:
Confidence
89% confidence
Finding
curl -X POST https://api.capacities.io/save-to-daily-note -H "Authorization: Bearer $CAPACITIES_API_TOKEN" -H "Content-Type: application/json" -d '{"spaceId": "$CAPACITIES_SPACE_ID", "mdText": "Your n

External Transmission

Medium
Category
Data Exfiltration
Content
### Daily Notes
To add a thought, task, or note to today's daily note:
`curl -X POST https://api.capacities.io/save-to-daily-note -H "Authorization: Bearer $CAPACITIES_API_TOKEN" -H "Content-Type: application/json" -d '{"spaceId": "$CAPACITIES_SPACE_ID", "mdText": "Your note here"}'`

### Web Links
To save a URL to your space:
Confidence
89% confidence
Finding
https://api.capacities.io/

External Transmission

Medium
Category
Data Exfiltration
Content
### Web Links
To save a URL to your space:
`curl -X POST https://api.capacities.io/save-weblink -H "Authorization: Bearer $CAPACITIES_API_TOKEN" -H "Content-Type: application/json" -d '{"spaceId": "$CAPACITIES_SPACE_ID", "url": "https://example.com"}'`

### Search / Lookup
To find an object's ID:
Confidence
85% confidence
Finding
https://api.capacities.io/

External Transmission

Medium
Category
Data Exfiltration
Content
### Search / Lookup
To find an object's ID:
`curl -X POST https://api.capacities.io/lookup -H "Authorization: Bearer $CAPACITIES_API_TOKEN" -H "Content-Type: application/json" -d '{"spaceId": "$CAPACITIES_SPACE_ID", "searchTerm": "My Note"}'`

### Space Info
To get all object types and structures:
Confidence
87% confidence
Finding
https://api.capacities.io/

External Transmission

Medium
Category
Data Exfiltration
Content
### Space Info
To get all object types and structures:
`curl -X GET "https://api.capacities.io/space-info?spaceid=$CAPACITIES_SPACE_ID" -H "Authorization: Bearer $CAPACITIES_API_TOKEN"`
Confidence
83% confidence
Finding
https://api.capacities.io/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal