ClawHub

Joplin Cli

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a Joplin note-management helper, but its documentation under-warns about note deletion, remote sync, and plaintext credential handling.

Review the commands before installing or using this skill. Treat note edits, notebook creation, sync, and uninstall data-removal commands as high-impact actions: confirm the target notebook/note first, verify the configured sync destination before syncing, avoid putting passwords directly on the command line, and back up Joplin data before running any removal commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly documents destructive and state-changing commands such as creating notebooks, editing note bodies/titles, and running sync to a remote target, but provides no warning that these actions modify user data or may transmit notes to external storage. In an agent setting, this omission can lead to unintended data changes or exfiltration if the model invokes these commands without clear user confirmation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The sync configuration examples include entering credentials directly on the command line, which can expose secrets through shell history, process inspection, terminal logging, or copied documentation snippets. In a note-taking skill, sync targets may contain sensitive personal or business data, so poor credential-handling guidance increases the risk of account compromise and downstream data exposure.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The uninstall section includes destructive deletion commands, including removal of the user's Joplin data directory, but the warning is only an inline comment and not a clear, prominent warning immediately tied to the code block. In an agent skill context, users or automation may copy-paste the block wholesale, causing unintended irreversible data loss.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal