Security audit

Lovefromio Getnote

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Get笔记 note integration, but it needs review because it can upload user content, access private notes, and store long-lived credentials with broad automatic triggers.

Install only if you want the agent to manage your Get笔记 account. Use it with explicit save/search requests, configure GETNOTE_OWNER_ID in any shared or group setting, verify the OAuth code on the official Get笔记 page, and remember that links, images, OCR text, searches, and note contents may be sent to Get笔记 and that the local API key persists until revoked.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The OAuth section instructs the agent to execute a local polling script, run background processes, and write obtained API credentials directly into a local config file. That goes beyond normal note-management operations and creates a dangerous path for credential persistence and arbitrary local execution, which could be abused or normalized by adversarial skill content.

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The README explicitly states that first-time OAuth setup is triggered by broad note-related phrases such as '存到笔记' or essentially any note action. This can cause the skill to activate and initiate authorization in contexts where the user did not intend to configure an external integration, increasing the chance of accidental consent or social-engineering-assisted account linking.

Vague Triggers

High

Confidence: 94% confidence
Finding: The trigger conditions include very broad everyday words like '笔记', '保存', '收藏', and auto-trigger on any URL or image, making accidental invocation likely. In this skill, accidental invocation is more dangerous because it can save user content remotely, initiate OAuth automatically, and affect private data/state without a strong confirmation boundary.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill describes automatic saving of links/images and automatic configuration writes, both of which change user data or local system state, but it does not pair these actions with explicit up-front risk disclosure or confirmation. This weakens informed consent and increases the chance of unintended data collection, credential setup, or privacy leakage.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The package description advertises very broad, low-friction triggers such as saving content from a link or image with casual phrases, which increases the chance of unintended activation and silent collection of user content. In a note-taking skill that can ingest URLs, images, OCR text, and transcriptions, overly permissive triggering can cause privacy-impacting actions without sufficiently explicit user intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.