ClawHub

Notes Know You

Security checks across malware telemetry and agentic risk

Overview

This skill is not deceptive, but it asks to deeply analyze private Evernote notes and persist sensitive personal details into AI memory with weak review and consent controls.

Install only if you are comfortable letting the agent read your Evernote/Yinxiang notebooks and turn selected details into lasting USER.md and memory files. Review the generated Markdown and memory outputs before relying on them, avoid storing developer tokens in shared shell profiles or command history, clarify whether your AI analysis is local or remote, and do not enable scheduled sync until you know how to inspect and disable it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill performs shell execution and file writes but does not declare corresponding permissions, which weakens consent and policy enforcement around sensitive capabilities. In this context, the skill reads private notes, invokes external tooling, and modifies local memory files, so hidden capability use increases the risk of unexpected data changes and unsafe execution paths.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes full-sync and analysis of all notebooks, including diaries, work, relationships, and reading, to build persistent USER.md and memory files, but it does not prominently warn users that highly sensitive personal data may be extracted, summarized, and stored in new local artifacts. Even if processing is described as local, the skill explicitly feeds note content into an AI analysis step and creates durable profile/memory outputs, which increases exposure, retention, and the chance of accidental leakage or misuse.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill processes highly sensitive personal notes and persists derived profile data into USER.md and memory files without a prominent, upfront consent warning during ordinary use. This can lead to broad profiling, retention of intimate details, and creation of long-lived summaries the user may not realize are being generated or preserved.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The recurring auto-sync feature establishes ongoing reprocessing of private notes and automatic updates to persistent memory without a strong warning about continued background profiling and data modification. Once scheduled, future changes in the notes can silently propagate into long-lived agent memory, increasing privacy and persistence risk over time.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The setup guide instructs users to place a long-lived Evernote developer token in shell profile or system environment variables without any warning about credential exposure risks. Tokens stored this way can be exposed through shell history, process environments, crash reports, shared profiles, or other local tooling, which is especially sensitive given this skill syncs and analyzes personal notes that may contain highly private data.

Ssd 3

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to extract broad personal facts, relationships, habits, goals, and values from private notes and persist them into long-lived memory files. This creates a concentrated profile of sensitive user data that can outlast the original context, expand exposure within the agent ecosystem, and amplify harm if accessed by other skills, users, or future sessions.

Session Persistence

Medium
Category
Rogue Agent
Content
1. Default interval: `24h`
2. Parse the interval (e.g., `6h`, `12h`, `24h`, `7d`)
3. Use the agent's cron/scheduler to register a recurring job that runs `/notes-know-you sync`
4. Confirm to the user: "Scheduled notes-know-you to run every {interval}. Next run: {datetime}."

---
Confidence
87% confidence
Finding
register a recurring job

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal