Alexandrie

Security checks across malware telemetry and agentic risk

Overview

This is a real Alexandrie notes client, but it deserves review because it authenticates with a local password and session cookie for one hardcoded account and can change or delete that account's notes.

Install only if you control the configured Alexandrie account and want the agent to access it. Treat installation as granting the agent permission to read, create, update, and delete notes: require explicit confirmation before any update or delete action, restrict read access to the file holding ALEXANDRIE_PASSWORD, and log out or remove the session cookie the script stores under /tmp when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium. Confidence: 93%.

Finding: The skill exposes a destructive delete operation on user notes with no warning, confirmation requirement, or guidance to obtain explicit user approval before execution. In an agent setting, this increases the chance of accidental or prompt-induced data loss because the model may treat deletion as a routine supported action.

Missing User Warnings

Severity: Medium. Confidence: 90%.

Finding: The skill documents create, update, and delete capabilities against a real user's notes but does not warn that these actions modify persistent user data. This omission makes accidental tampering more likely, especially if the agent is instructed ambiguously or is manipulated into performing writes without sufficient user awareness.

Missing User Warnings

Severity: Medium. Confidence: 86%.

Finding: The script automatically sources a local .env file to obtain the password, so sensitive credentials are read implicitly, without the user being made aware or asked for consent at runtime. Because `source` executes the file as shell code rather than merely reading KEY=VALUE pairs, any command substitution or stray command in that file runs with the script's privileges, so a modified or untrusted .env is an execution vector, not just a secret-loading concern.
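To make the last finding concrete, and the advice in the Overview to protect the file holding ALEXANDRIE_PASSWORD, here is an added example that is not part of the Alexandrie skill or of the SkillSpector report. It writes a constructed .env containing a command substitution in the password value and a bare command on its own line, shows what `.` (`source`) does with it, then parses the same file with a literal KEY=VALUE loader that never evaluates shell syntax, and finally checks that the file is not readable by group or others. The function names (`load_env_safe`, `env_file_is_private`, `make_sample_env`, and the two demo wrappers) are hypothetical; the password and paths are constructed for the demo.

```shell
#!/bin/sh
# Added example (not the skill's own code). POSIX sh; no bashisms.

# Parse KEY=VALUE lines literally: keys must be identifiers, values are
# taken verbatim (one layer of matching quotes stripped), and nothing is
# ever evaluated. Rejected lines are reported on stderr; returns 1 if any
# line was rejected, 0 otherwise.
load_env_safe() {
    _f="$1"; _status=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        case "$_line" in
            ''|'#'*) continue ;;            # blank line or comment
            *=*) ;;                         # has a separator, keep going
            *) echo "rejected: $_line" >&2; _status=1; continue ;;
        esac
        _key="${_line%%=*}"; _value="${_line#*=}"
        case "$_key" in
            ''|[0-9]*|*[!A-Za-z0-9_]*)      # not a shell identifier
                echo "rejected: $_line" >&2; _status=1; continue ;;
        esac
        case "$_value" in                   # strip one layer of quotes only
            \"*\") _value="${_value#\"}"; _value="${_value%\"}" ;;
            \'*\') _value="${_value#\'}"; _value="${_value%\'}" ;;
        esac
        export "$_key=$_value"              # single word: no re-parsing
    done < "$_f"
    return "$_status"
}

# True when no group/other permission bit is set on the file (octal
# -perm tests keep this portable across GNU, BSD and busybox find).
env_file_is_private() {
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Write the constructed sample .env into a fresh temp dir; print the dir.
# Line 3 hides a command substitution in the value, line 4 is a command.
make_sample_env() {
    _dir=$(mktemp -d)
    cat > "$_dir/.env" <<EOF
# constructed sample, not a real credential
ALEXANDRIE_USER=alice
ALEXANDRIE_PASSWORD="s3cret\$(echo INJECTED)"
touch "$_dir/pwned"
EOF
    printf '%s\n' "$_dir"
}

# What the skill's approach does: the file is executed. The substitution
# runs, the touch runs, and the caller only sees a mangled password.
source_env_unsafe() {
    ( . "$1/.env" >/dev/null 2>&1; printf '%s\n' "$ALEXANDRIE_PASSWORD" )
}

# Same file through the literal loader: the value is kept verbatim and
# the bare command line is rejected instead of run.
load_env_safe_demo() {
    ( load_env_safe "$1/.env" 2>/dev/null || true
      printf '%s\n' "$ALEXANDRIE_PASSWORD" )
}

# Stand-alone run: compare both loaders on the same constructed file.
if [ "${0##*/}" != "sh" ] && [ -z "$SAFE_ENV_NO_MAIN" ]; then
    d=$(make_sample_env)
    echo "sourced:  $(source_env_unsafe "$d")  pwned-file: $( [ -f "$d/pwned" ] && echo yes || echo no )"
    d=$(make_sample_env)
    echo "literal:  $(load_env_safe_demo "$d")  pwned-file: $( [ -f "$d/pwned" ] && echo yes || echo no )"
    chmod 600 "$d/.env" && env_file_is_private "$d/.env" && echo "mode 600: private"
fi
```

The loader deliberately does not support `export KEY=...` prefixes, variable references inside values, or multi-line values; a credential file needs none of those, and every feature dropped is one less way for a tampered file to influence the script. Pair it with a permission check before reading, so a .env that has become group- or world-readable is refused rather than silently used.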

VirusTotal

63/63 vendors flagged this skill as clean.
