ClawHub

get笔记 英文名版

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Getnote integration, but it gives an agent access to private notes plus delete and public-share actions without strong confirmation safeguards.

Install only if you trust this publisher and Getnote with access to your private notes. Before using it, require the agent to confirm the exact note title or ID before updates, deletion, image upload, or any public share link, and configure GETNOTE_OWNER_ID in shared or group contexts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill documentation exposes an API for generating public note share links, which expands access beyond the stated core use case of saving, searching, and managing personal notes. In a personal-notes context, undocumented or weakly-guarded sharing can cause unintended disclosure of sensitive private content, especially if an agent invokes it without an explicit, informed user request.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The natural-language routing includes very broad verbs like “搜/找找/有没有 XX” and “最近/列表/看看/查笔记”, which are common conversational phrases and can cause the skill to activate when the user did not clearly intend note access. Because this skill can search and reveal private note metadata or content, accidental invocation creates a real privacy and overreach risk rather than a purely cosmetic UX issue.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill header advertises activation on generic phrases such as ‘保存’, ‘收藏’, ‘搜一下’, and ‘找找笔记’, without strong scope boundaries or explicit confirmation requirements. In context, this skill interfaces with a personal knowledge base and may save user content or retrieve private notes, so ambiguous invocation language materially increases the chance of unintended writes or disclosure.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The documentation includes a destructive delete operation without requiring a warning, confirmation, or safer UX guidance. In an agent setting, this increases the risk of accidental or misunderstood deletion of personal knowledge data, even if the backend moves items to trash rather than immediately purging them.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The public sharing flow is documented without any warning that it creates a publicly accessible link, creating a privacy and confidentiality risk. Because this skill manages personal notes that may contain transcripts, attachments, and linked content, accidental sharing could expose highly sensitive information to anyone with the URL.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The image and note-saving flow sends user-provided content to external services, including the Get笔记 API and OSS object storage, and stores it persistently, but the instructions do not require notifying the user or obtaining consent. This creates a privacy and data-handling risk because users may not realize images, links, or extracted text are uploaded, retained, and processed asynchronously by third-party infrastructure.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal