ClawHub

快速笔记

Security checks across malware telemetry and agentic risk

Overview

This is mostly a simple local notes skill, but its search command can be steered outside the notes folder and its clear command deletes all stored notes without confirmation.

Review before installing. Do not use this for sensitive notes unless the search command is constrained to ~/.quick-notes and the clear command is changed to require explicit confirmation or move notes to a recoverable location.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior includes a destructive `note clear` capability that is not reflected in the higher-level description, which only advertises adding, viewing, and searching notes. This mismatch can cause users or calling agents to invoke the skill under incomplete assumptions, increasing the chance of unintended data loss from a command they were not primed to expect.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill metadata says it supports adding, viewing, and searching notes, but the script also exposes a destructive `clear` action that recursively deletes the entire notes directory. This hidden capability increases risk because users or calling agents may invoke functionality not disclosed by the manifest, leading to unexpected data loss.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill documents a command that clears all notes without any cautionary text, confirmation flow, or indication that data deletion is irreversible. In a local note-taking context, this creates a straightforward risk of accidental destruction of user data, especially if an agent or user assumes commands are non-destructive by default.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The `clear` command performs immediate irreversible deletion with `rm -rf "$NOTES_DIR"` and provides no warning, confirmation, or recovery path. In an agent setting, this is especially dangerous because accidental invocation, parameter confusion, or unsafe chaining can wipe all user notes without the user's explicit consent.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal