Skill v1.0.2

ClawScan security

FadNote · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 3, 2026, 10:31 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill’s code, runtime instructions, and requested environment variable are coherent with a CLI that encrypts plaintext client-side and posts an encrypted blob to a configured server; nothing in the package indicates unexplained or disproportionate access.
Guidance
This skill appears to do what it claims: it encrypts your content locally and POSTs an encrypted blob to the configured FADNOTE_URL, with the decryption key placed in the URL fragment (not sent to the server). Before installing or using it:
1) Verify you trust the endpoint you set in FADNOTE_URL (the server will receive encrypted blobs and metadata like TTL and size).
2) If you rely on the claimed zero-knowledge model, review the publicly linked source (https://github.com/easyFloyd/fadnote) to confirm the implementation matches the SKILL.md.
3) Remember the decryption key is embedded in the shareable URL fragment: anyone with the full URL can decrypt the note.
4) If you plan to use automatic email delivery via another skill, be aware the skill will send the decryption URL through that channel.
These are privacy/operational considerations, not evidence of malicious behavior.

Review Dimensions

Purpose & Capability
ok · Name/description (self-destructing notes) match the provided files and behavior: the CLI encrypts input client-side and posts it to FADNOTE_URL. Required binary (node) and a configurable endpoint (FADNOTE_URL) are appropriate for this purpose. Minor note: primaryEnv is set to a URL (not a secret), which is unusual but not harmful.
Instruction Scope
ok · SKILL.md instructs the agent to run the fadnote CLI and only references the FADNOTE_URL env var and local stdin/CLI usage. The runtime script only reads stdin/args, uses crypto, and POSTs the encrypted blob to the configured endpoint. There are no instructions to read unrelated files, other environment variables, or to exfiltrate raw plaintext to third parties.
Install Mechanism
ok · No automated install/download is present (no install spec). The package provides a local CLI script and suggests manual installation or ClawHub install. This is low-risk compared with arbitrary remote downloads or extract operations.
Credentials
note · Only FADNOTE_URL is required; that is proportional for a service endpoint. It is labeled as the primary credential in metadata even though it is not a secret credential; this is odd but not dangerous. The skill does not request tokens, keys, passwords, or unrelated credentials.
Persistence & Privilege
ok · The skill does not request always:true, does not modify other skills or system configurations, and has no special persistent privileges. It can be invoked autonomously (platform default), which is expected for a user-invocable skill.