ClawHub

smart-auto-note

Security checks across malware telemetry and agentic risk

Overview

This note helper has a coherent purpose, but it writes persistent notes to a hard-coded local folder and includes mismatched background/network claims that users should review before installing.

Install only if you are comfortable with automatic local note writes. Before use, change the hard-coded folder to your intended Obsidian vault, remove unused cron/message permissions unless you need them, and do not rely on the offline/no-third-party claim unless the CDN-loaded Mermaid script is removed or bundled locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The page claims to be offline and have zero third-party dependencies, but it actually loads Mermaid from an external CDN. In a skill that may be trusted to process notes locally, this discrepancy matters because CDN-hosted code can change, fail, or be tampered with, undermining supply-chain integrity and the user's expectation that no external resources are involved.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill automatically creates files under a hard-coded local directory and persists data without any explicit user disclosure or consent flow in the code. This is risky because a user may not realize their free-form input is being written to disk in a specific personal notes location, which can lead to unintended storage of sensitive information and privacy issues.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The main workflow appends user input directly into local markdown files after lightweight keyword classification, again without disclosing the persistence location or asking for confirmation in the common path. Because the skill handles arbitrary natural-language input, users may unintentionally store confidential work or personal data in files they did not expect to be modified.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal