Zettel Link

Security checks across malware telemetry and agentic risk

Overview

Zettel Link is a coherent note-search skill, but users should understand that remote embedding providers can receive note text and search queries if selected.

Install only if you are comfortable indexing the selected notes folder. Use the default local Ollama provider for private vaults; if you switch to OpenAI or Gemini, assume note text and search queries are sent to that provider. Keep any .env file out of synced or committed note folders, and review or delete the .embeddings cache when you no longer want derived note data stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
94% confidence
Finding
The README documents cloud embedding providers and API key handling but does not clearly warn users that note contents may be transmitted to third-party services when OpenAI or Gemini are selected. In a note-management skill, this can expose sensitive personal, corporate, or proprietary note data through normal use, especially because users may assume all processing is local due to the emphasis on local Ollama support and '.env' key loading.

Vague Triggers

Medium
84% confidence
Finding
The trigger condition is broad enough that the skill may activate for many ordinary note-related requests, causing unnecessary file scanning, embedding, or network-backed processing. In this context the risk is mainly unintended invocation, which can expose note content to processing paths the user did not specifically request.

Missing User Warnings

Medium
97% confidence
Finding
The skill explicitly supports remote embedding providers, which means note contents and user queries may be transmitted to third-party services, but the documentation does not prominently warn about that privacy exposure. Because this skill operates on personal knowledge-base content, the contextual sensitivity of the data makes silent remote transmission more dangerous.

Missing User Warnings

Low
87% confidence
Finding
Referencing API key environment variables and a local .env file without secure-handling guidance can lead users to store secrets insecurely or accidentally expose them through the vault or repository. While the document does not itself exfiltrate credentials, it normalizes secret usage without adequate safeguards.

Missing User Warnings

Medium
93% confidence
Finding
The plan explicitly adds support for remote embedding providers such as OpenAI, Gemini, and Ollama but does not mention any consent, disclosure, or data-handling safeguards. In this skill's context, note contents and user queries may contain sensitive personal knowledge-base data, so silently sending them to external services creates a real privacy and data-exfiltration risk.

Missing User Warnings

Medium
91% confidence
Finding
The planned search flow embeds user queries and compares them against cached note embeddings, and elsewhere the TODO states embedding may use remote providers. Without warning or controls, this can expose both live queries and note-derived content to third-party APIs, which is especially sensitive in a Zettelkasten/note-management skill where data may include private research, credentials, or proprietary information.

Missing User Warnings

Medium
80% confidence
Finding
The script can transmit full cleaned note contents to remote APIs without an explicit runtime warning or consent flow. In a note-taking context, content may include sensitive personal, proprietary, or secret material, so silent disclosure to third-party services creates a meaningful privacy and data-governance risk.

VirusTotal

64/64 vendors flagged this skill as clean.
