NoteTaker Pro

Security checks across malware telemetry and agentic risk

Overview

NoteTaker Pro appears to be a real note-taking skill, but it under-discloses how broadly it stores, indexes, syncs, and remembers sensitive note content.

Install only if you are comfortable with your agent storing and indexing potentially sensitive notes, transcripts, pasted content, URLs, and image-derived text. Treat memory and dashboard/Supabase sync as separate data-sharing paths and enable them only after confirming where data is sent, retained, and deleted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (13)

Context-Inappropriate Capability

Medium

Confidence: 90% confidence
Finding: The skill explicitly allows pushing note-derived information into `memory_store`/`memory_recall`, extending persistence beyond the declared note datastore and normal note search scope. This increases privacy and data-retention risk because users may believe data stays only in note files while high-value facts, preferences, or decisions are copied into long-term memory for broader future use.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README promotes ingestion of text, voice notes, photos, and pasted documents without clearly warning users that these inputs may contain highly sensitive personal, financial, medical, or workplace data. In a note-taking skill, encouraging broad capture without prominent privacy guidance increases the risk of users exposing confidential information or using the tool in unsafe contexts.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The setup prompt instructs the agent to create directories, initialize files, and change permissions on the filesystem without any explicit user-facing warning or confirmation step for those side effects. In an agent context, hidden or non-consensual filesystem mutation is risky because users may paste the block expecting configuration help, not direct system changes affecting persistent local state.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The activation conditions are broad enough that ordinary user messages, pasted text, photos, or recall-like questions could trigger storage or retrieval without sufficiently clear consent boundaries. In a note-taking skill that processes sensitive personal, OCR, and transcription data, ambiguous triggering raises the chance of unintended collection, retention, and disclosure.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The instruction to treat an 'implicit' informational dump as a note is underspecified and can cause accidental capture of sensitive data the user only intended to discuss transiently. Because this skill is designed to store and index content, overbroad intake logic materially increases privacy risk.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill markets capture of text, voice, pasted content, and photos without warning users that sensitive personal information, OCR output, and transcriptions may be stored and indexed. In a note-taking context, this omission is important because the expected data is often highly personal or confidential.

Missing User Warnings

Medium

Confidence: 86% confidence
Finding: Fetching pasted URLs without a user-facing privacy/data-handling warning can expose user activity and cause external requests to third parties unexpectedly. In this skill context, users may paste links assuming local note capture, not realizing the system will contact remote servers and ingest page contents.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: Advertising long-term memory storage for note-derived data without a clear persistence warning creates a meaningful transparency and consent gap. Users may not expect facts, preferences, and decisions extracted from notes to persist across sessions outside the note files themselves.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The spec describes automatic syncing between local JSON files, Supabase, and the dashboard without any notice, consent, or security/privacy controls around persistence and transmission. Because notes may contain sensitive personal or business content, silent background replication increases the risk of unintended disclosure, over-retention, and exposure through local files, APIs, or misconfigured storage.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The example shows the agent saving detailed meeting notes containing names, schedules, budget, ownership, and other potentially sensitive business information without any visible consent, sensitivity warning, or retention notice. In a real deployment, this can lead to unintentional collection and storage of confidential internal data, especially because the behavior is presented as automatic and desirable.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: Storing the original uploaded whiteboard photo increases privacy and confidentiality risk because images may contain sensitive diagrams, names, credentials, internal roadmaps, or other data beyond the extracted notes. The example normalizes retaining the raw source image as a reference without warning, minimization, or retention controls, which broadens the blast radius of any unauthorized access or over-retention.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The example depicts the agent saving extracted notes and updating an index file, but gives no indication that the user was informed their voice transcription would be persisted. Because voice dumps can contain mixed personal and work information, silent storage creates a real privacy risk and can lead to unintended retention of sensitive data.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill description explicitly shows extraction of names, work tasks, deadlines, and personal recommendations from a voice transcript, yet omits any warning that this personal data may be stored and indexed. This increases the chance that users will disclose sensitive information without understanding how broadly it will be retained or searchable.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal