Dnote

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its Dnote note-management purpose, but it gives an agent insufficiently restricted access to delete notes and books, sync private notes to a remote server, and print raw configuration, without adequate user safety controls.

Review this before installing if your Dnote database contains private or business-critical information. Prefer Homebrew or a verified release over the curl-to-shell installer, use local-only mode unless you intentionally want cloud sync, do not store secrets in notes or Dnote config, and require explicit confirmation before allowing an agent to run remove or remove-book.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding
The config command reads and prints ~/.config/dnote/dnoterc directly, which may expose sync endpoints, tokens, usernames, or other sensitive configuration to the caller. In an agent skill context, this broadens the tool from note management into credential/config disclosure, increasing the risk of unintended secret exfiltration.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill documents destructive operations like removing notes and deleting entire books without any warning, confirmation guidance, or safety constraints. In an agent setting, this increases the risk of accidental data loss if the model invokes these commands based on ambiguous user intent or malformed inputs.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill promotes `dnote login` and sync across devices without warning that note contents may be transmitted to a remote service. Because notes often contain sensitive operational, personal, or credential-adjacent content, encouraging sync without a privacy notice can lead to unintentional data exposure off-device.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
Both note and book deletion are invoked with -y, which bypasses dnote's own confirmation prompt. In an agent-driven environment this makes accidental or prompt-injected destructive actions much easier and can lead to irreversible data loss without the user ever seeing a prompt.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The sync command invokes dnote sync with no warning, disclosure, or gating, which can transmit note contents and metadata to a remote service. In a note-management skill, silent support for network egress increases the impact of misuse because personal knowledge-base contents may leave the local environment.
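The Overview recommends gating remove/remove-book behind explicit confirmation, and findings 1, 4 and 5 describe the config dump, the -y bypass and ungated sync. The following is an added example, not code from the Dnote project or from the SkillSpector report: a POSIX shell guard that an agent is pointed at instead of the real binary. The function and variable names (classify_dnote_cmd, guard_decision, redact_dnoterc, guarded_dnote, DNOTE_ALLOW_DESTRUCTIVE, DNOTE_ALLOW_NETWORK) are hypothetical; the subcommand names, the -y/--yes flag, the dnoterc path and the apiKey key are taken from the report text and are assumptions, not verified against a particular dnote release.

```shell
#!/bin/sh
# Added example: a guard to place between an agent and the `dnote` binary.
# Not part of the Dnote project or the SkillSpector report. Assumptions:
# subcommand names (remove, remove-book, sync, login, logout, config), the
# -y/--yes flag and the dnoterc path/keys (apiKey, apiEndpoint) come from the
# report text and are not verified against a specific dnote release.

# Classify a dnote subcommand by the risk class the findings describe.
classify_dnote_cmd() {
  case "$1" in
    remove|remove-book) echo destructive ;;   # irreversible local data loss
    sync|login|logout)  echo network ;;       # note contents leave the device
    config)             echo config ;;        # may print tokens/endpoints
    *)                  echo safe ;;
  esac
}

# Succeed (exit 0) if any argument is the confirmation-bypass flag.
has_yes_flag() {
  for a in "$@"; do
    case "$a" in -y|--yes) return 0 ;; esac
  done
  return 1
}

# Decide what the guard does for a subcommand. Only a human should set
# DNOTE_ALLOW_DESTRUCTIVE=1 / DNOTE_ALLOW_NETWORK=1 in their own shell; the
# agent's tool-call environment must not be able to set them.
guard_decision() {
  case "$(classify_dnote_cmd "$1")" in
    destructive) [ "${DNOTE_ALLOW_DESTRUCTIVE:-0}" = 1 ] && echo allow || echo refuse ;;
    network)     [ "${DNOTE_ALLOW_NETWORK:-0}" = 1 ] && echo allow || echo refuse ;;
    config)      echo redact ;;
    *)           echo allow ;;
  esac
}

# Mask secret-looking values in a dnoterc-style YAML stream (stdin -> stdout).
# Key names are assumptions; extend the alternation for your own config.
redact_dnoterc() {
  sed -E 's/^([[:space:]]*(apiKey|token|password)[[:space:]]*:).*/\1 <redacted>/'
}

# Wrapper the agent is pointed at instead of the real binary.
guarded_dnote() {
  sub=$1
  case "$(guard_decision "$sub")" in
    refuse)
      echo "guard: refusing '$sub' (a human must set DNOTE_ALLOW_DESTRUCTIVE=1 or DNOTE_ALLOW_NETWORK=1)" >&2
      return 2 ;;
    redact)
      # Finding 1: never hand the raw config file to the caller.
      redact_dnoterc < "${XDG_CONFIG_HOME:-$HOME/.config}/dnote/dnoterc"
      return $? ;;
  esac
  # Finding 4: keep dnote's own confirmation prompt on destructive commands.
  if [ "$(classify_dnote_cmd "$sub")" = destructive ] && has_yes_flag "$@"; then
    echo "guard: -y/--yes is not allowed on '$sub'" >&2
    return 2
  fi
  dnote "$@"
}
```

Register guarded_dnote (or a script that sources it) as the only dnote-shaped tool the agent can call, and keep the DNOTE_ALLOW_* variables out of the agent's environment so a prompt-injected "run dnote remove -y" is refused twice: once for the missing human grant, once for the -y flag.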

VirusTotal

66/66 vendors flagged this skill as clean.