notetaker-pro

Security checks across malware telemetry and agentic risk

Overview

This note-taking skill is mostly coherent, but it persistently captures sensitive content and includes under-bounded setup, export, network, memory, and dashboard-sync behavior users should review first.

Review before installing. Use it only if you are comfortable with persistent local note storage and agent file-write/export permissions. Avoid saving secrets, regulated data, private URLs, or confidential whiteboard photos unless you have confirmed URL fetching, long-term memory, and dashboard/Supabase sync are disabled or explicitly approved. Run setup only from a clean, known skill directory and back up any existing note indexes before initializing or exporting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The API contract promises soft deletion, but the schema defines no deleted flag, deleted_at timestamp, or archival table to implement it. This mismatch can lead developers to perform hard deletes or inconsistent ad-hoc handling, creating data loss, broken sync behavior, and retention/privacy failures when users or downstream systems assume recoverability.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The script advertises filter support globally, but the single-document export path never applies --category, --tag, or --since. This can cause users to unintentionally export all notes, including sensitive entries they expected to exclude, creating a confidentiality risk through over-export rather than code execution.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The setup prompt instructs an agent to create directories and files, copy package content, and change permissions on the local filesystem without any explicit warning that these actions will modify the host environment. Because the block is designed to be pasted wholesale into an agent chat, it encourages blind execution of side-effecting commands and normalizes trusting discovered files from the workspace.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The usage trigger is broad enough to activate on ordinary conversational content such as pasted text, photos, or informal messages, which can cause the skill to capture and store data the user did not clearly intend to save. In a note-taking skill that persists content and performs indexing, overbroad activation increases the risk of unintended retention of sensitive information.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The skill description markets aggressive capture of text, voice, photos, and fetched URL content but does not clearly warn users that this material will be stored, indexed, and made searchable. Because the skill processes potentially sensitive personal and business information, the absence of an upfront privacy notice can lead to uninformed disclosure and retention of confidential data.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The optional memory feature proposes pushing high-value notes into long-term agent memory across sessions without a clear warning about persistence scope, retention, or sensitivity implications. Cross-session memory materially changes the privacy model and could expose personal facts, decisions, or confidential notes beyond what users expect from a local note capture workflow.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The spec describes note data being written to local JSON files and synchronized to Supabase, including potentially sensitive note content, images, and extracted text, but does not mention consent, disclosure, retention, or security controls. In a note-taking context this materially increases privacy risk because users may store personal, business, or credential-like information without understanding where it is persisted or transmitted.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The example depicts the agent persistently saving detailed meeting notes, including names, schedules, ownership, and budget information, without any indication of user consent, retention notice, or sensitivity warning. In practice, this can normalize silent storage of confidential business information and lead users to disclose material that may be retained longer than expected.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The photo workflow states that the original uploaded image is saved as a reference, but gives no warning that images may be retained. Whiteboard photos often contain sensitive roadmaps, credentials, internal architecture, or other confidential material, so silent retention increases the risk of privacy breaches, over-collection, and unintended secondary use.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding:
The example depicts an agent persisting content from a voice transcript into notes and updating a searchable index without any notice, consent flow, or data-sensitivity warning. Voice dumps often contain mixed personal, work, and potentially confidential information, so normalizing silent storage in example behavior can lead downstream implementations to retain sensitive data longer than users expect.

VirusTotal

64/64 vendors flagged this skill as clean.
