Nate Jones Second Brain

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it builds a personal knowledge database, but users must be comfortable storing private notes in Supabase and sending captured text to OpenRouter.

Install only for a dedicated personal Supabase project, not a database with unrelated app data. Protect and rotate the Supabase service-role key and OpenRouter key, avoid capturing secrets or highly sensitive third-party communications, and review OpenRouter/model-provider data policies because captured text and search queries are sent out for AI processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (19)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document encourages frictionless capture of thoughts from channels like Slack, Signal, SMS, and voice into persistent storage, but it does not warn about collecting sensitive personal, work, or third-party data. In a personal knowledge system, this omission can lead users to ingest private communications or regulated data without informed consent, retention limits, or handling safeguards.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The framework states that OpenRouter is the AI gateway used for classification, but it does not disclose that captured content may be transmitted to an external processor. Because the system is designed to collect broad freeform input, users may unknowingly send confidential, personal, or proprietary text to a third party, creating privacy, compliance, and data exposure risk.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The correction flow instructs the agent to delete records from the wrong table and recreate them elsewhere, but it does not warn about destructive operations, accidental data loss, or the need for rollback. In an agent-mediated workflow, mistaken entity matching or automation errors could silently remove or overwrite user data, undermining integrity and trust.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The ingest flow sends full captured thought text to OpenRouter for embeddings and classification, but the document provides no explicit privacy notice, consent step, or guidance about handling sensitive personal content. Because these thoughts may include private messages, health, relationship, or work information from sources like Signal, SMS, email, and voice, undisclosed third-party transmission creates a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to always store the raw thought text, embedding, and extracted metadata in Supabase, again without an explicit storage/retention warning. This is risky because the data model preserves potentially sensitive content and derived metadata indefinitely, increasing exposure in the event of overcollection, misuse, or database compromise.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documented chat completion flow sends raw user thought text to OpenRouter for classification and routing, but the file provides no privacy notice, consent guidance, or data-handling warning. In a personal knowledge system, those thoughts may contain sensitive personal, professional, or confidential material, so silently transmitting them to a third-party AI gateway creates a real privacy and compliance risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The embeddings examples transmit user-provided text to an external API for semantic search without warning that the content leaves the local system. Because this skill is explicitly designed as a 'second brain' for capturing arbitrary thoughts, the likely data includes sensitive notes, making undocumented external transmission materially risky.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The document repeatedly instructs users to perform retrieval with the Supabase service-role key, which is a privileged secret that bypasses normal client-side access controls. It also sends user query text to OpenRouter for embeddings without any privacy warning, so sensitive personal knowledge queries may be disclosed to an external provider while privileged database access is normalized in examples.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The schema explicitly stores highly sensitive personal knowledge data, including freeform thoughts, people-related context, follow-ups, action items, dates, and source metadata from channels like Slack and Signal, but the documentation provides no privacy notice, retention guidance, data minimization requirements, or consent boundaries. In a personal knowledge system with semantic search across all records, this increases the risk of over-collection, unauthorized secondary use, and exposure of intimate or third-party personal information if the service role or surrounding application is compromised or misused.

External Transmission

Medium
Category
Data Exfiltration
Content
Convert the thought text into a 1536-dimensional vector via OpenRouter.

```bash
curl -s -X POST "https://openrouter.ai/api/v1/embeddings" \
  -H "Authorization: Bearer $OPENROUTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
90% confidence
Finding
curl -s -X POST "https://openrouter.ai/api/v1/embeddings" \ -H "Authorization: Bearer $OPENROUTER_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "openai/text-embedding-3-sma

External Transmission

Medium
Category
Data Exfiltration
Content
1. Batch the embedding call (OpenRouter supports array input):

```bash
curl -s -X POST "https://openrouter.ai/api/v1/embeddings" \
  -H "Authorization: Bearer $OPENROUTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
89% confidence
Finding
curl -s -X POST "https://openrouter.ai/api/v1/embeddings" \ -H "Authorization: Bearer $OPENROUTER_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "model": "openai/text-embedding-3-sma

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Embed the query
QUERY_EMBEDDING=$(curl -s -X POST "https://openrouter.ai/api/v1/embeddings" \
  -H "Authorization: Bearer $OPENROUTER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model": "openai/text-embedding-3-small", "input": "career changes"}' \
```
Confidence
93% confidence
Finding
curl -s -X POST "https://openrouter.ai/api/v1/embeddings" \ -H "Authorization: Bearer $OPENROUTER_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  | jq -c '.data[0].embedding')

# Search all tables
curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/search_all" \
  -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
98% confidence
Finding
curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/search_all" \ -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \ -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \ -H "Content-Type: application/json" \

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -d '{"model": "openai/text-embedding-3-small", "input": "website redesign tasks"}' \
  | jq -c '.data[0].embedding')

curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/match_thoughts" \
  -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
97% confidence
Finding
curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/match_thoughts" \ -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \ -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \ -H "Content-Type: application/json"

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -d '{"model": "openai/text-embedding-3-small", "input": "career mentors"}' \
  | jq -c '.data[0].embedding')

curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/match_people" \
  -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
96% confidence
Finding
curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/match_people" \ -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \ -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \ -H "Content-Type: application/json" \

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -d '{"model": "openai/text-embedding-3-small", "input": "website redesign"}' \
  | jq -c '.data[0].embedding')

curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/match_projects" \
  -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
96% confidence
Finding
curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/match_projects" \ -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \ -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \ -H "Content-Type: application/json"

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -d '{"model": "openai/text-embedding-3-small", "input": "AI coaching ideas"}' \
  | jq -c '.data[0].embedding')

curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/match_ideas" \
  -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
96% confidence
Finding
curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/match_ideas" \ -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \ -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \ -H "Content-Type: application/json" \

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -d '{"model": "openai/text-embedding-3-small", "input": "presentation follow-ups"}' \
  | jq -c '.data[0].embedding')

curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/match_admin" \
  -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
97% confidence
Finding
curl -s -X POST "$SUPABASE_URL/rest/v1/rpc/match_admin" \ -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \ -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \ -H "Content-Type: application/json" \

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  | jq -c '.data[0].embedding')

# 2. Insert into Supabase
curl -s -X POST "$SUPABASE_URL/rest/v1/thoughts" \
  -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \
  -H "Content-Type: application/json" \
```
Confidence
83% confidence
Finding
curl -s -X POST "$SUPABASE_URL/rest/v1/thoughts" \ -H "apikey: $SUPABASE_SERVICE_ROLE_KEY" \ -H "Authorization: Bearer $SUPABASE_SERVICE_ROLE_KEY" \ -H "Content-Type: application/json" \ -H "P

VirusTotal

64/64 vendors flagged this skill as clean.
