Flomo Via App

Security checks across malware telemetry and agentic risk

Overview

This skill sends user-selected notes to Flomo using a webhook token, with some documentation and credential-storage caveats but no evidence of hidden or malicious behavior.

Install only if you are comfortable giving the skill a Flomo webhook token and sending selected note content to Flomo's servers. Prefer the default local .env storage, do not save the token in shell startup files such as ~/.zshrc or ~/.bashrc, and treat the current send script as webhook-based despite the older URL-scheme wording in SKILL.md.
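The two credential-handling recommendations above (keep the token in a local .env, keep it out of shell rc files) and the later findings that the token in the webhook URL is a secret and that the script offers to write it to ~/.zshrc or ~/.bashrc can be turned into a quick self-check. The script below is an added example, not code from the skill or from the scanner: it scans shell startup files for an embedded webhook URL, checks that a .env file is not group/world readable, and redacts the token segment before anything is logged. Assumptions, all labelled in the code: the webhook URL has the shape https://flomoapp.com/iwh/<id>/<token>/, the variable name FLOMO_API_URL is hypothetical, and the sample rc-file contents are constructed.

```python
"""Audit where a Flomo webhook token is stored and redact it before logging.

Added example, not part of the skill or the scanner report. Assumptions:
the webhook URL looks like https://flomoapp.com/iwh/<id>/<token>/ (the token
is the last path segment), the variable name FLOMO_API_URL is hypothetical,
and the startup files of interest are ~/.zshrc, ~/.bashrc and ~/.profile.
"""
import os
import re
import stat

# Assumed URL shape; group 1 is the account id, group 2 is the secret token.
WEBHOOK_RE = re.compile(r"https://flomoapp\.com/iwh/([A-Za-z0-9]+)/([A-Za-z0-9]+)/?")
RC_FILES = ("~/.zshrc", "~/.bashrc", "~/.profile")


def redact_webhook_url(text: str) -> str:
    """Mask the token segment of every webhook URL in `text`, keeping the id.

    Safe to apply twice: the mask contains no [A-Za-z0-9] run, so it no longer matches.
    """
    return WEBHOOK_RE.sub(lambda m: f"https://flomoapp.com/iwh/{m.group(1)}/****/", text)


def find_webhook_leaks(files: dict[str, str]) -> list[tuple[str, int]]:
    """Return (path, line_number) for each line holding a webhook URL.

    `files` maps a path to its text so the check runs on constructed input too.
    """
    hits: list[tuple[str, int]] = []
    for path, text in files.items():
        for number, line in enumerate(text.splitlines(), 1):
            if WEBHOOK_RE.search(line):
                hits.append((path, number))
    return hits


def env_file_is_private(mode: int) -> bool:
    """True when the permission bits grant nothing to group or other (e.g. 0o600)."""
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def read_rc_files() -> dict[str, str]:
    """Read whichever real startup files exist; used by the command-line run below."""
    out: dict[str, str] = {}
    for name in RC_FILES:
        path = os.path.expanduser(name)
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                out[path] = fh.read()
    return out


# Constructed sample content standing in for a user's shell startup files.
SAMPLE_FILES = {
    "~/.zshrc": (
        'export PATH="$HOME/bin:$PATH"\n'
        'export FLOMO_API_URL="https://flomoapp.com/iwh/AbC123/9f8e7d6c5b4a/"\n'
    ),
    "~/.bashrc": "alias ll='ls -la'\n",
}

if __name__ == "__main__":
    files = {**SAMPLE_FILES, **read_rc_files()}
    for path, number in find_webhook_leaks(files):
        # Print only the redacted line so the audit itself does not leak the token.
        line = files[path].splitlines()[number - 1]
        print(f"{path}:{number}: {redact_webhook_url(line)}")
        print("  -> move this token into a local .env with mode 0600")
    if os.path.isfile(".env"):
        mode = stat.S_IMODE(os.stat(".env").st_mode)
        print(f".env mode {oct(mode)}, private={env_file_is_private(mode)}")
```

Run it from the skill's directory; a hit in a startup file means the token is loaded into every interactive shell and any process those shells spawn, which is the exposure the findings below describe. The redaction helper is what a send script should pass the URL through before writing to a log or error message.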

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documentation claims a safer local-first URL-scheme flow with automatic fallback, but the actual send script writes the webhook token to local config and posts note contents directly to a remote webhook. This mismatch can lead users to disclose sensitive notes and the webhook credential under the false assumption that handling is local-only, so they cannot give informed consent or evaluate the risk.

Missing User Warnings

Low
Confidence
79% confidence
Finding
The README explains that note content is sent via Webhook API but does not clearly disclose that user-entered notes and tags are transmitted over the network to an external third-party service. This can cause unintentional disclosure of sensitive personal or business information because users may treat the tool like a local quick-capture utility rather than a remote submission mechanism.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents automatic webhook fallback but does not clearly warn that note contents may be transmitted to flomo servers. Users may paste sensitive notes, clipboard contents, or SSH-session data believing the operation is local, leading to unintended disclosure of private or regulated information.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation describes a reusable personal webhook URL but does not warn that the token embedded in that URL is effectively a secret credential. If users expose it in screenshots, logs, shell history, or shared configs, anyone with the URL may be able to post arbitrary content into their flomo inbox.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script offers to persist the flomo webhook token in a shell startup file such as ~/.zshrc or ~/.bashrc without clearly warning that this stores a long-lived secret in a broadly loaded file. Shell rc files are commonly sourced by many processes, may be backed up or shared unintentionally, and increase the chance of accidental disclosure compared with a dedicated secret store or isolated config file.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends user-supplied note content to an external webhook endpoint without any upfront disclosure or consent prompt at the point of transmission. Because this skill is intended for quick capture of arbitrary notes, users may unknowingly transmit sensitive personal or work data off-device, making the lack of explicit disclosure materially risky.

VirusTotal

66/66 vendors flagged this skill as clean.
