Open Notebook Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local notebook integration. The local persistence and Docker setup it depends on are expected for what it does, but both need to be handled carefully by the user.

Before installing, make sure you trust the open-notebook checkout and Docker Compose file you run. Only save content you are comfortable keeping in a persistent local notebook, and avoid storing secrets, tokens, or sensitive personal data unless you understand how the local service stores and exposes it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The included PowerShell functions transmit arbitrary notebook content and user queries to a local HTTP API and persist that data in an external service, but the skill does not clearly warn users that prompts, notes, and potentially sensitive information will be stored and processed outside the agent session. Although the endpoint is localhost, this still creates a real privacy and data-handling risk because local services may be exposed, logged, containerized, or accessed by other processes/users on the host.
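The finding's caveat that a "localhost" service may still be exposed is concrete with Docker: in Compose's short port syntax, a mapping without an explicit host IP (for example "8080:8080") is published on all interfaces, so the notebook API is reachable from the LAN, not just from the host. The script below is an added example, not code from the skill, from open-notebook, or from SkillSpector; it parses Compose port mappings and flags every one that is not bound to a loopback address. The embedded Compose snippet is constructed for illustration, and its service names and port numbers are hypothetical, not the real open-notebook file. It is written in Python rather than the skill's PowerShell so the check can be run on any host before `docker compose up`.

```python
"""Flag Docker Compose port mappings that expose a service beyond loopback.

Compose short syntax: [[HOST_IP:]HOST_PORT:]CONTAINER_PORT[/PROTO].
When HOST_IP is omitted, Docker publishes on all interfaces (0.0.0.0 and ::),
so a "local" API becomes reachable from the network, not only from localhost.
"""
import ipaddress
import re
from typing import List, Tuple

# Constructed sample for this example; service names and ports are hypothetical.
SAMPLE_COMPOSE = """\
services:
  notebook-api:
    image: example/notebook:latest
    ports:
      - "8080:8080"            # no host IP: published on all interfaces
      - "127.0.0.1:5055:5055"  # loopback only
  db:
    image: example/db:latest
    ports:
      - "[::1]:8000:8000"      # IPv6 loopback only
      - 9000                   # container port only: ephemeral host port, all interfaces
"""

PORTS_KEY = re.compile(r"^(\s*)ports:\s*$")
LIST_ITEM = re.compile(r"^(\s*)-\s*(.+?)\s*$")


def host_ip_is_loopback(host: str) -> bool:
    """True for 127.0.0.0/8, ::1 or the literal 'localhost'; False otherwise."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def classify_port_mapping(spec: str) -> Tuple[str, str, str]:
    """Return (host_ip, host_port, verdict) for one short-syntax mapping.

    verdict is 'loopback', 'all-interfaces' or 'unsupported'.
    """
    spec = spec.strip().strip("'\"").split("/", 1)[0]  # drop quotes and /tcp, /udp
    host_ip, rest = "", spec
    if rest.startswith("["):  # bracketed IPv6 host, e.g. [::1]:8080:8080
        end = rest.find("]")
        if end == -1:
            return ("", "", "unsupported")
        host_ip, rest = rest[1:end], rest[end + 1:].lstrip(":")
    parts = rest.split(":")
    if len(parts) == 3 and not host_ip:  # ip:hostport:containerport
        host_ip, host_port, _container = parts
    elif len(parts) == 2:  # hostport:containerport (host_ip may be set above)
        host_port, _container = parts
    elif len(parts) == 1:  # containerport only: Docker picks a host port on all interfaces
        host_port = "(ephemeral)"
    else:
        return ("", "", "unsupported")
    if host_ip and host_ip_is_loopback(host_ip):
        return (host_ip, host_port, "loopback")
    return (host_ip or "0.0.0.0", host_port, "all-interfaces")


def scan_compose(text: str) -> List[Tuple[str, str, str]]:
    """Return (spec, host_ip, verdict) for every short-syntax entry under a ports: key.

    Line-based walk, no YAML library needed. Long-syntax entries (- target: 80 ...)
    are reported as 'unsupported' rather than silently passed.
    """
    findings: List[Tuple[str, str, str]] = []
    ports_indent = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key = PORTS_KEY.match(line)
        if key:
            ports_indent = len(key.group(1))
            continue
        if ports_indent is None:
            continue
        if indent <= ports_indent:  # dedented: left the ports block
            ports_indent = None
            continue
        item = LIST_ITEM.match(line)
        if not item:  # continuation line of a long-syntax object; already reported
            continue
        raw = item.group(2).split(" #")[0].strip().strip("'\"")  # strip inline comment, quotes
        if re.match(r"^\w+:\s", raw):
            findings.append((raw, "", "unsupported"))
        else:
            host_ip, host_port, verdict = classify_port_mapping(raw)
            findings.append((raw, f"{host_ip}:{host_port}", verdict))
    return findings


def exposed_mappings(text: str) -> List[str]:
    """Specs that publish a port beyond loopback, the ones to fix before running."""
    return [spec for spec, _addr, verdict in scan_compose(text) if verdict == "all-interfaces"]


if __name__ == "__main__":
    for spec, addr, verdict in scan_compose(SAMPLE_COMPOSE):
        print(f"{verdict:15} {addr:22} {spec}")
```

Run it against the Compose file you are about to start; every `all-interfaces` line should either get an explicit `127.0.0.1:` prefix or be a port you deliberately want reachable from other machines.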

VirusTotal

66/66 vendors flagged this skill as clean.
