ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Notnative

v1.0.1

Use Notnative MCP server for complete AI assistant integration with notes, calendar, tasks, Python, canvas, and permanent memory. This skill provides persist...

0· 2.1k·2 current·2 all-time
by@k4ditano
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name, description, and included files (a WebSocket MCP client) align with the stated purpose of connecting to a NotNative MCP server for notes/memory/calendar/tasks/Python/canvas. Required binaries (node, curl) and the dependency on the 'ws' npm package are expected for a WebSocket client.
!
Instruction Scope
SKILL.md mandates that the assistant 'ALWAYS' store user personal facts and search memory before responding. That gives the skill broad discretion to persist arbitrary user-provided personal data. The runtime instructions and client send data over a user-specified WebSocket to a NotNative server (local or remote), which means arbitrary user content can be transmitted off-host. The SKILL.md also references the NOTNATIVE_WS_URL environment variable but the registry metadata did not list any required env vars, creating a transparency gap.
Install Mechanism
There is no remote binary download; install.sh runs npm install (fetching 'ws' from the npm registry), makes the client executable, writes a .config/env file, creates a symlink in ~/.local/bin, and appends an export to ~/.bashrc. These actions are common for CLI tools but do modify user shell configuration and install files to the home directory—users should be aware and review the install script before running it.
!
Credentials
The skill runtime uses NOTNATIVE_WS_URL (and the install script persists that value into .config/env and ~/.bashrc) but the skill metadata did not declare any required env vars. While no unrelated cloud credentials are requested, the omission is an inconsistency that reduces transparency about where memories will be sent. The core capability (persistent memory) justifies needing a server URL, but the manifest should declare it.
!
Persistence & Privilege
The install script persists configuration (writes .config/env and appends NOTNATIVE_WS_URL to ~/.bashrc) and creates a symlink in ~/.local/bin, giving the skill ongoing presence on the host. More importantly, SKILL.md instructs the assistant to permanently store user personal facts in memory (by design for this skill), which increases the privacy and exfiltration risk if the configured NotNative server is remote or untrusted.
What to consider before installing
This skill implements a WebSocket client that sends and retrieves persistent memories from a NotNative MCP server. Before installing or using it: - Understand that SKILL.md requires the assistant to ALWAYS persist user personal facts (preferences, name, allergies, etc.). If you install, the assistant may record such information permanently to the configured NotNative server. - The install script will run npm install, create ~/.config/env, add an export to your ~/.bashrc, and add a symlink in ~/.local/bin. Review the install.sh and only run it if you trust these changes. - The skill transmits data over a WebSocket URL that you provide; do not point it at an untrusted remote server. If you must use a remote server, confirm its trustworthiness and data retention policy. - Note a transparency issue: the manifest did not declare NOTNATIVE_WS_URL even though the runtime uses and persists it. Ask the maintainer to update metadata to list required env vars and document privacy/retention behavior. - If you have privacy concerns, do not provide personal or sensitive information to the assistant while this skill is active, or avoid installing the skill. Consider isolating the NotNative server locally (localhost) if you want local-only persistence. - If you need more assurance, request the upstream project/source code provenance and whether server-side MCP tool implementations have access controls or auditing for stored memory.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ch4jm4c1dzf1a67a27m9s6s816jv2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binsnode, curl

Comments