ClawHub

Personal Notes

Security checks across malware telemetry and agentic risk

Overview

This is a coherent personal notes skill that stores notes locally, with privacy and accidental-activation caveats but no evidence of exfiltration or hidden harmful behavior.

Install only if you are comfortable with personal notes being saved as plaintext in knowledge/personal/notes.md. Avoid storing passwords, secrets, health details, or highly sensitive diary entries unless you manage file access and backups carefully, and be explicit when asking the agent to save or retrieve notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly states that personal notes and diary entries are stored in a workspace file on disk, but it does not warn users that sensitive reflections, health details, credentials, or other private content may persist in plaintext. In a note-taking skill, this omission materially increases the chance of inadvertent disclosure through local access, backups, sync, logs, or later agent/tool access to the same workspace.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are overly broad for a skill that reads from and writes to persistent personal notes. Terms like note, thought, reflection, log, record, and write down can easily match ordinary conversation, causing unintended invocation and accidental access to or modification of sensitive stored data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to append content to a persistent personal file without requiring user-facing consent or even notifying the user that stored personal data will be modified. In a notes/journaling context, this is particularly risky because users may disclose sensitive thoughts or private information and not realize it is being permanently saved.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal