Gno.Bak 2026 01 28T18:01:20+10:30

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for using the GNO local document search tool, with real privacy and exposure considerations but no artifact-backed deception or malicious behavior.

Install only if you already trust the gno CLI source. Index only folders you intentionally want searchable, avoid secrets or broad home-directory indexing, bind the web UI to localhost when handling private documents, and do not enable MCP write tools or run reset/cleanup/skill-install commands unless you explicitly want those persistent changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The CLI reference documents `gno serve` with a default host of `0.0.0.0`, which exposes the web UI on all network interfaces by default. For a local document-search tool that may index sensitive files and provide AI Q&A over them, this increases the risk of unintended remote access if the machine is on an untrusted network or if firewall rules are permissive.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation advertises a write-capable installation mode (`--enable-write`) without explaining what additional actions the MCP server may be permitted to perform or the risks of granting write access to an AI-integrated tool. In an MCP context, enabling write tools can materially expand the blast radius from read-only document search to file modification, so omission of a warning can lead users to enable a more privileged configuration than intended.

VirusTotal

64/64 vendors flagged this skill as clean.
