Back to skill

Security audit

aispeech_ainote

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent AI office-notebook integration, but it needs review because it can read and change personal notes, todos, labels, and hotwords, and it documents fallback access to a saved auth token file.

Install only if you trust the publisher and intend to grant this skill access to your AI office notes, todos, labels, knowledge search, and write/delete operations. Prefer OpenClaw-managed per-skill secret injection for AIWORK_AUTH_TOKEN, avoid the local token-file export fallback, and manually confirm the exact item before allowing deletes, moves, syncs, or binding changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill advertises very broad activation conditions such as querying, deleting, searching, syncing, and updating multiple categories of personal data without clear boundaries, exclusions, or confirmation requirements. In an agent setting, ambiguous invocation criteria can cause the skill to be selected for unintended requests, increasing the chance of unauthorized access to personal notes or accidental destructive actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation exposes multiple destructive operations including deleting todos, notes, hotwords, and note groups, but it does not state that these actions are high-risk, may move data to trash, or may be difficult to recover. In agent-driven workflows, omission of explicit user-facing warnings and confirmation guidance materially increases the risk of accidental data loss.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.