Noverload - Knowledge Memory
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s purpose is clear, but it automatically runs an unpinned npm MCP server with your Noverload token and access to your saved knowledge library.
Install only if you trust Noverload and the `noverload-mcp` npm package. Prefer a pinned package version, use a dedicated revocable token, keep read-only mode on unless you need writes, and remember that retrieved library content may become part of the agent's working context.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A future or compromised npm package update could run locally under the user's account and access the configured Noverload token.
Activation runs the latest npm MCP package instead of a pinned, reviewed version; the package code is not present in the artifact set and will receive the token configuration.
mcp-server: command: npx args: ["-y", "noverload-mcp@latest"]
Pin `noverload-mcp` to a specific trusted version, verify the package provenance, and review it before giving it a real token.
Anyone or any code with this token may be able to access the user's Noverload data according to the token's privileges.
The skill requires a personal access token to connect the agent to the user's Noverload account; read-only mode reduces but does not remove account-access sensitivity.
NOVERLOAD_CONFIG: '{"accessToken":"${NOVERLOAD_TOKEN}","apiUrl":"https://www.noverload.com","readOnly":true}'Use a dedicated, revocable token with the narrowest available permissions and keep `readOnly:true` unless write access is required.
Private saved content may be surfaced in agent responses, and untrusted saved web content could influence the agent if treated as authoritative.
The skill intentionally retrieves persistent saved content into the agent's working context, including potentially private PDFs, posts, articles, and transcripts.
Your agent can now access your entire knowledge library. Search semantically, synthesize insights across sources...
Only connect libraries you are comfortable exposing to the agent, and treat retrieved content as reference material rather than instructions.
If write mode is enabled, the agent could change library organization or mark tasks complete when the user did not intend that.
The skill documents optional mutation authority over the user's Noverload library and action items.
With `readOnly: false`, your agent can: - Save new URLs to your library - Add tags to content - Mark items as swipe files - Complete action items
Leave the default read-only mode enabled unless needed, and require explicit user confirmation before save, tag, or completion actions.