MH bear-notes

Security checks across malware telemetry and agentic risk

Overview

This Bear Notes skill is coherent and purpose-aligned, but users should protect the Bear token and understand it installs a third-party CLI.

Install this only if you want an agent to read or change Bear notes through grizzly. Treat the Bear API token as sensitive: store it with restrictive file permissions, avoid putting real tokens in shared logs or shell snippets, and review note-writing actions before approving them. Consider pinning or reviewing the grizzly version instead of relying on @latest.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill instructs users to store a Bear API token in a predictable plaintext file path without warning about file permissions, secret exposure, or avoiding shell history/logging leaks. While this is common for local CLI tools, the missing guidance can lead to credential disclosure via overly permissive filesystem permissions, backups, shared machines, or copied config snippets.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal