Karakeep Save

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it saves user-provided bookmarks to the Karakeep server the user configures.

Install this only if you want ClawHub to save bookmarks to your Karakeep instance. Use a trusted KARAKEEP_URL, prefer HTTPS, use a revocable API key, and avoid saving confidential URLs or notes unless you intend them to be stored on that server.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill invokes a shell script (`{baseDir}/scripts/save.sh`) but does not declare permissions for shell/code execution. Undeclared execution capability is dangerous because it weakens transparency and reviewability, making it easier for a skill to perform actions the user or platform did not explicitly authorize. In this context the shell use appears functional rather than overtly malicious, but it still expands the attack surface.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill sends user-provided URLs and optional notes to a remote Karakeep API, but the markdown does not clearly warn that this data leaves the local system. This creates a privacy and consent issue: users may provide sensitive links, internal URLs, or personal notes without realizing they are being transmitted to an external/self-hosted service. The skill context makes the behavior expected, but lack of explicit disclosure still presents a real risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal