ima_skills_yc

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent IMA notes integration, but it can read and change private notes and its trigger guidance is broad enough to warrant review before installation.

Install only if you want an agent to access your IMA notes. Keep the API key private, prefer revocable credentials, avoid using this in shared chats for sensitive notes, and ask the agent to confirm the target note/notebook and exact content before creating or appending anything.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium (91% confidence)
Finding
The skill instructs the agent to read arbitrary local files such as `tmpfile` and to invoke helper runtimes/tools (Python, Node, iconv, PowerShell) to transform content before sending it to the notes API. That expands the skill from note management into local file access and arbitrary content ingestion, creating a path for unintended sensitive-file exfiltration if the agent maps attacker-controlled inputs or downloaded files into these workflows.

Vague Triggers

High (95% confidence)
Finding
The activation criteria are overly broad, including generic requests like '帮我记一下' ('help me jot this down') or any intent involving personal document access, which can cause the skill to trigger on many ordinary conversations. In an agent environment, overbroad triggering increases the chance of unauthorized note reads/writes or of sending user content to the external notes service without sufficiently clear intent.

Vague Triggers

Medium (79% confidence)
Finding
The skill-level trigger guidance is overly broad and encourages activation for loosely related requests about personal documents or remembering things. In an agent setting, this can cause the skill to be invoked without sufficiently explicit user intent, increasing the chance of unintended access to private notes or accidental storage of user content in the external service.

Vague Triggers

Medium (72% confidence)
Finding
Endpoint trigger scenarios such as '搜索' ('search') and '导入笔记' ('import notes') are too generic and may match ordinary assistant tasks that do not clearly authorize note-service operations. Because this skill can read and modify private user data, ambiguous routing can lead to unintended API calls, privacy exposure, or unwanted note creation/modification.

Missing User Warnings

Medium (88% confidence)
Finding
The documentation exposes create and append operations without warning that they will modify persistent user data. In agent workflows, lack of an explicit mutation warning increases the risk of silent or accidental writes to a user's notes, which can cause data integrity issues, privacy mistakes, or unwanted record creation.

VirusTotal

66/66 vendors flagged this skill as clean.
