Flomo Send

Security checks across malware telemetry and agentic risk

Overview

This skill sends user-provided notes to flomo using a webhook, with documentation inconsistencies and credential-storage tradeoffs that users should review.

Install only if you intend notes passed to this script to be sent to flomo over the network. Prefer the default local .env storage over writing the token to .zshrc or .bashrc, protect the webhook token like a password, and avoid sending secrets or highly sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documentation promises a local-first URL-scheme workflow with webhook fallback, but the described behavior includes persisting secrets to .env or shell profiles, sourcing local configuration into the shell, and using curl-based webhook delivery without evidence of actually checking app availability or invoking the advertised fallback logic. This mismatch is dangerous because users may trust the safer-described behavior while the actual implementation expands the attack surface to credential persistence, shell-environment injection risks, and unanticipated network transmission of note content.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script's behavior contradicts its stated purpose: it always sends note content over a webhook and never attempts local app/URL-scheme delivery first. This can mislead users into transmitting potentially sensitive notes to a remote endpoint when they expected a local handoff with fallback only on failure, increasing privacy and trust risk.

Intent-Code Divergence

High
Confidence
96% confidence
Finding
The inline documentation claims app-based delivery with webhook fallback, but the code contains no logic for URL Scheme or local app invocation. Security-relevant misrepresentation is dangerous because users may choose the skill assuming a lower-exposure local workflow while the script actually performs remote transmission only.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation instructs users to send note content to a flomo webhook over the network but does not clearly warn that potentially sensitive notes leave the local device and are transmitted to an external service. In a skill that advertises automatic webhook fallback, this omission can cause users to unknowingly route private memos, links, or ideas to a remote endpoint when they may expect only a local app handoff via URL scheme.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script posts arbitrary note content to a remote webhook without any explicit user confirmation, warning, or dry-run mode. In the context of a note-capture skill, users may paste sensitive clipboard contents, credentials, or private thoughts and unintentionally exfiltrate them off-device.

External Transmission

Medium
Category
Data Exfiltration
Content
### Request format

```bash
curl -X POST https://flomoapp.com/iwh/xxxxxxxx \
  -H "Content-Type: application/json" \
  -d '{"content": "笔记内容 #标签"}'
```
Confidence
84% confidence
Finding
curl -X POST https://flomoapp.com/iwh/xxxxxxxx \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Basic usage
curl -X POST https://flomoapp.com/iwh/xxxxxxxxx \
  -H "Content-Type: application/json" \
  -d '{"content": "Hello from API"}'
```
Confidence
84% confidence
Finding
curl -X POST https://flomoapp.com/iwh/xxxxxxxxx \ -H "Content-Type: application/json" \ -d '{"content": "Hello from API"}' # with tags curl -X POST https://flomoapp.com/iwh/xxxxxxxxx \ -H "Content-Ty

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
PAYLOAD="{\"content\": \"$ESCAPED\"}"
    fi

    RESP=$(curl -sS -w "\n%{http_code}" -X POST "$WEBHOOK_URL" -H "Content-Type: application/json" -d "$PAYLOAD" || true)
    HTTP_STATUS=$(echo "$RESP" | tail -n1)
    BODY=$(echo "$RESP" | sed '$d')
```
Confidence
90% confidence
Finding
curl -sS -w "\n%{http_code}" -X POST "$WEBHOOK_URL" -H "Content-Type: application/json" -d

VirusTotal

66/66 vendors flagged this skill as clean.
