Supernote Cloud
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its Supernote-cloud purpose, but its shell helper unsafely embeds user-supplied values into Python commands, which could let crafted file or folder names run local code.
Review or patch scripts/supernote.sh before installing, especially its handling of directory paths, file paths, and credentials. If you proceed, use a trusted self-hosted Supernote URL over HTTPS, avoid untrusted file/folder names or URLs, and clear the cached token after use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted folder path, file name, password, or token value could cause commands to run on the user's computer when the agent invokes the helper script.
The script inserts directory path components and file paths directly into Python source executed with python3 -c. A value containing a single quote followed by Python syntax can close the string literal and change what code runs.
target = '$PART' ... open('$FILE_PATH','rb')
Patch before use: pass values to Python via argv or environment variables, use safe JSON construction such as json.dumps/jq, and avoid direct interpolation into executable code.
Anyone using the skill must provide Supernote login details, and the cached token could grant temporary account access if exposed on a shared machine.
The helper requires account credentials and stores a session token locally. This is purpose-aligned for Supernote access, but it is sensitive authority and the registry metadata declares no required env vars or primary credential.
if [ -z "$SUPERNOTE_URL" ] || [ -z "$SUPERNOTE_USER" ] || [ -z "$SUPERNOTE_PASSWORD" ]; then ... TOKEN_FILE="/tmp/.supernote_token"
Use HTTPS for the Supernote URL, set credentials only in a trusted session, remove /tmp/.supernote_token when done, and have the maintainer declare the credential/env requirements explicitly.
Manual dependency installation can introduce version drift or supply-chain risk, especially because the skill handles credentials and uploads files.
The skill lists third-party Python packages without pinned versions or a lockfile/install spec, so users may install whatever versions are current at setup time.
Python dependencies (for article conversion): `readability-lxml`, `ebooklib`, `requests`, `beautifulsoup4`, `lxml`.
Pin dependency versions, provide a reviewed requirements/lock file, and install in an isolated environment.
