Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Supernote Cloud

v1.0.0

Access a self-hosted Supernote Private Cloud instance to browse files and folders, upload documents (PDF, EPUB) and notes, convert web articles to EPUB/PDF and send them to the device, check storage capacity, and navigate the directory tree. Use when the user mentions Supernote, e-ink device files, wants to upload/browse documents on their Supernote cloud, or wants to send an article/URL to their e-reader.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description (manage a self-hosted Supernote Private Cloud, upload articles/files, convert web pages) matches the included scripts (a CLI shell client and an article→ebook converter). The functionality present is coherent with the claimed purpose.
Instruction Scope
SKILL.md instructs the user to export SUPERNOTE_URL, SUPERNOTE_USER, and SUPERNOTE_PASSWORD and shows many curl/python calls. The shell script then uses those env vars, contacts the given BASE_URL endpoints, downloads remote content (for article conversion and image embedding), resolves directory trees, and uploads local files. The instructions and scripts therefore access network endpoints, arbitrary web URLs, and local files — all expected for this purpose but broad. The concern is that SKILL.md grants the skill freedom to fetch arbitrary URLs and to read local files specified for upload; it also caches auth tokens on disk. There are no instructions limiting scope or warning about credential handling.
Install Mechanism
This is an instruction-only skill with no installer, so nothing is written to disk by an installer. The runtime includes two scripts shipped in the bundle; no remote download or package install mechanics are present in the registry metadata (lowest install risk).
Credentials
The registry metadata declares no required environment variables or primary credential, but SKILL.md and the scripts require three sensitive env vars (SUPERNOTE_URL, SUPERNOTE_USER, SUPERNOTE_PASSWORD). That is an inconsistency: the skill runtime will ask for and use credentials even though the registry does not advertise them. The skill sends the hashed password to the configured BASE_URL and caches a token in /tmp/.supernote_token (permission 600). This credential access is proportionate to the described functionality, but the metadata omission and the on-disk token cache are notable risks and will surprise a user who inspects only the registry entry.
Persistence & Privilege
The always flag is false (the skill is not forced into every agent run) and disable-model-invocation is left at its default (the agent may call the skill autonomously). The script writes a token file to /tmp/.supernote_token for session caching, a lightweight form of persistence that can expose a session token to other local users or processes on the host. The skill does not modify other skills or global agent settings.
What to consider before installing
This skill appears to implement a reasonable Supernote Private Cloud client, but there are two key issues to consider before installing:

- Metadata mismatch: The registry entry declares no required environment variables or credentials, but the SKILL.md and scripts require SUPERNOTE_URL, SUPERNOTE_USER, and SUPERNOTE_PASSWORD. Don’t assume the skill is low-privileged; it needs your Supernote credentials and a URL. Only provide those to a trusted self-hosted server.
- Token caching and local file access: The CLI caches an auth token in /tmp/.supernote_token (file permission 600), will read local files you ask it to upload, and will fetch arbitrary web URLs to convert into EPUB/PDF. If an attacker or untrusted package controls the configured BASE_URL, your credentials could be sent to that host. Also, the token file in /tmp may be accessible to other local users depending on your system policies.

Recommendations:

- Verify/inspect the full scripts yourself (you have them). Confirm BASE_URL is a server you control or trust before entering credentials.
- Consider creating a dedicated, limited Supernote account for use with this skill rather than using a primary account.
- Run the skill in an isolated environment (container or disposable machine) if you’re concerned about token leakage or untrusted network endpoints.
- Be cautious when using the article conversion feature: it fetches arbitrary web pages and embedded images (network I/O). If you only need file upload/listing, avoid using article conversion or review the converter's behavior.

Confidence: high that the skill is internally inconsistent (metadata vs runtime) and that the scripts will access sensitive credentials and perform network/local-file operations; this warrants a cautious installation approach.


latest: vk97221yrprjf2f89eczz23naxx80354t

