AI Quick-Note Agile Assistant

Security checks across malware telemetry and agentic risk

Overview

SnapNotes is a real AI note-taking tool, but it encourages storing passwords and can send raw notes or full note history to an external AI service without enough safeguards.

Install only if you are comfortable with local plaintext storage and with note contents being sent to the AI endpoint you configure. Do not store passwords, API keys, personal data, regulated data, or confidential business secrets in SnapNotes unless both the machine and AI provider are approved for that data.

Publisher note

ClawScan Summary: Data Persistence: Local JSONL storage in ~/.openclaw/workspace/memory/snapnotes/. Pure local storage, GDPR compliant. External Connectivity: Opt-in LLM integration via user-provided API key (OpenAI compatible). Safety: Does not execute arbitrary system commands; strictly manages local business notes. Capabilities: Uses AI for real-time quality checks and automated business entity extraction to improve workflow data quality.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill advertises executable commands that invoke a local Python script and imply file read, file write, and likely network-backed semantic/AI features, but the manifest does not declare any permissions or capability boundaries. This creates a transparency and governance gap: users or hosting platforms may not understand the skill's effective access level, increasing the risk of over-privileged execution or unsafe deployment assumptions.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The README instructs users to configure third-party model endpoints and states that notes are transmitted for AI requests, but it does not clearly warn against sending secrets, credentials, or other sensitive business data to external providers. In the context of a note-taking and business-intelligence skill, this omission can lead users to unknowingly exfiltrate confidential notes and API keys to remote services.

Natural-Language Policy Violations

Medium
Confidence: 97%
Finding:
The example normalizes asking the system for a previously stored website password and directly displaying it in the response. This encourages unsafe handling of credentials, conditions users to store secrets in general notes, and increases the risk of credential disclosure through search results, logs, screenshots, shared terminals, or downstream AI processing.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill sends raw user note content and aggregated business records to a third-party AI endpoint using the configured api_base without any explicit consent, warning, redaction, or data-classification guardrail. In this skill’s context, notes are likely to contain sensitive commercial information such as customers, suppliers, prices, order numbers, and procurement details, so silent exfiltration to an external service creates a meaningful confidentiality and compliance risk.

Ssd 3

High
Confidence: 98%
Finding:
The Chinese example explicitly demonstrates natural-language retrieval and plaintext echoing of a stored website password, which is a direct sensitive-data exposure pattern. Because the skill is designed for fast capture and recall of fragmented information, this context makes the issue more dangerous: users are nudged to treat the tool as a memory store for secrets, making accidental or unauthorized disclosure more likely.

VirusTotal

VirusTotal findings are pending for this skill version.
