AI-Note

Security checks across static analysis, malware telemetry, and agentic risk

Overview

AI-Note appears to be a benign documentation-sharing skill, but it relies on mutable GitHub content and includes optional Git contribution commands that users should review before use.

This skill has no executable code and is mainly a public documentation lookup workflow. Before installing, be comfortable with the agent cloning and pulling from the linked GitHub repository. If you use the contribution workflow, review changes carefully before commit or push, and make sure the Git remote and account are the ones you intend to use.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Advice produced through this skill may change over time based on updates to the GitHub repository.

Why it was flagged

The skill intentionally pulls documentation from a mutable public GitHub repository, so future repository changes can affect what the agent reads.

Skill content

git clone https://github.com/Linux2010/ai-note.git
cd ai-note && git pull origin main

Recommendation

Use the repository only if you trust its maintainers; for sensitive work, review notes directly or pin to a known commit.

What this means

If a note is outdated, inaccurate, or manipulated, the agent could repeat or rely on bad guidance.

Why it was flagged

The skill instructs the agent to incorporate retrieved notes into its responses, which is expected for this purpose but means external Markdown content can influence answers.

Skill content

Apply knowledge: Use retrieved information to assist users effectively

Recommendation

Treat retrieved notes as reference material, not authority; verify important technical, security, or operational advice before acting on it.

What this means

An unintended commit or push could publish content under the user's Git identity or include unintended local repository changes.

Why it was flagged

The optional contribution workflow can modify a local checkout and publish a branch, which fits the stated collaboration purpose but is a user-impacting action.

Skill content

git add .
git commit -m "feat: add note about [topic]"
git push origin feature/new-note-topic

Recommendation

Only allow contribution commands after user confirmation, and review `git status` and diffs before committing or pushing.

What this means

If the contribution path is used, actions may occur under the user's GitHub account or configured Git identity.

Why it was flagged

Pushing to GitHub normally uses the user's configured Git/GitHub credentials, although the artifacts do not show credential collection, hardcoded tokens, or credential exfiltration.

Skill content

Push and create PR
git push origin feature/new-note-topic

Recommendation

Use a fork or limited-scope Git credentials, and confirm the target remote before any push.