FadNote

Security checks across malware telemetry and agentic risk

Overview

FadNote appears to do what it claims: encrypt notes locally, upload only encrypted note data to a configured FadNote server, and return a shareable one-time link.

Install only if you are comfortable sending encrypted note ciphertext to the configured FADNOTE_URL. Use a trusted or self-hosted endpoint for highly sensitive secrets, review the content before creating a note, and protect the full generated URL because it contains the decryption key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares runtime requirements and an environment variable but does not explicitly declare permissions despite clearly using network access and environment-sourced configuration. This weakens the platform's ability to present accurate consent and risk information, and can mislead users into invoking a skill that transmits sensitive content off-host.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are very broad and map common natural-language requests like 'Secure this [content]' or 'Share this securely' directly to a skill that sends user-provided secrets to an external service. In an agent setting, this increases the chance of unintended activation during ordinary conversation, causing accidental exfiltration of passwords, API keys, or private notes.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill markets itself as 'secure' and 'zero knowledge' but does not clearly warn users in the description/usage flow that their content is still transmitted as ciphertext and metadata to a remote FadNote server. For a skill explicitly handling secrets, omission of this disclosure can cause users to share highly sensitive material under the mistaken assumption that nothing leaves their environment.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The CLI sends encrypted note data to a remote service but never clearly warns the user that their content is being uploaded off-host to whatever endpoint is configured in FADNOTE_URL. Although the payload is client-side encrypted, users may incorrectly assume the tool is purely local or may not realize they are trusting remote storage, metadata handling, availability, and endpoint configuration.

VirusTotal

No detections: all 66 of 66 VirusTotal vendors reported this skill as clean.
