Noverload - Knowledge Memory
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: noverload
Version: 1.0.0
The skill is classified as benign. It clearly defines its purpose as a knowledge management tool integrating with the Noverload service. The `SKILL.md` file explicitly details the execution of `npx -y noverload-mcp@latest` to run the Model Context Protocol (MCP) server, which is a standard method for distributing Node.js CLI tools. Crucially, the skill is configured for `readOnly: true` by default, enhancing security by preventing the agent from modifying user data without explicit user configuration. The documentation also includes clear privacy and security statements, and there are no signs of prompt injection attempts or instructions for malicious behavior within the provided files. The external dependency on `noverload-mcp` introduces a general supply chain risk, but the skill definition itself does not exhibit malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A future or compromised npm package update could run locally under the user's account and access the configured Noverload token.
Activation runs the latest npm MCP package instead of a pinned, reviewed version; the package code is not present in the artifact set and will receive the token configuration.
mcp-server:
  command: npx
  args: ["-y", "noverload-mcp@latest"]
Pin `noverload-mcp` to a specific trusted version, verify the package provenance, and review it before giving it a real token.
Anyone or any code with this token may be able to access the user's Noverload data according to the token's privileges.
The skill requires a personal access token to connect the agent to the user's Noverload account; read-only mode reduces but does not remove account-access sensitivity.
NOVERLOAD_CONFIG: '{"accessToken":"${NOVERLOAD_TOKEN}","apiUrl":"https://www.noverload.com","readOnly":true}'
Use a dedicated, revocable token with the narrowest available permissions and keep `readOnly:true` unless write access is required.
Private saved content may be surfaced in agent responses, and untrusted saved web content could influence the agent if treated as authoritative.
The skill intentionally retrieves persistent saved content into the agent's working context, including potentially private PDFs, posts, articles, and transcripts.
Your agent can now access your entire knowledge library. Search semantically, synthesize insights across sources...
Only connect libraries you are comfortable exposing to the agent, and treat retrieved content as reference material rather than instructions.
If write mode is enabled, the agent could change library organization or mark tasks complete when the user did not intend that.
The skill documents optional mutation authority over the user's Noverload library and action items.
With `readOnly: false`, your agent can:
- Save new URLs to your library
- Add tags to content
- Mark items as swipe files
- Complete action items
Leave the default read-only mode enabled unless needed, and require explicit user confirmation before save, tag, or completion actions.
