Back to skill

Security audit

Flomo Send

Security checks across malware telemetry and agentic risk

Overview

This skill sends notes to flomo using a user-configured webhook, with a documentation mismatch but no hidden or destructive behavior found.

Install only if you intend notes passed to this skill to be sent to flomo over the network. Prefer the local .env option over shell profile storage, keep the webhook token private, and avoid sending secrets or highly sensitive clipboard contents through quick-capture commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
89% confidence
Finding
The documentation claims local URL-scheme delivery with automatic fallback, but the analyzed behavior indicates webhook-only operation and failure without webhook configuration. This mismatch can mislead users into exposing a flomo webhook token or sending notes to a remote service when they expected only local app handling, creating confidentiality and trust risks.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The webhook URL contains a bearer-style token in the path, and the reference presents it as a reusable endpoint without explicitly warning that anyone who obtains it can post notes into the user's flomo inbox. In a skill that instructs users to configure this webhook for automation, missing secrecy guidance increases the chance of accidental disclosure through screenshots, logs, shell history, shared configs, or repositories.

External Transmission

Medium
Category
Data Exfiltration
Content
PAYLOAD="{\"content\": \"$ESCAPED\"}"
    fi

    RESP=$(curl -sS -w "\n%{http_code}" -X POST "$WEBHOOK_URL" -H "Content-Type: application/json" -d "$PAYLOAD" || true)
    HTTP_STATUS=$(echo "$RESP" | tail -n1)
    BODY=$(echo "$RESP" | sed '$d')
Confidence
88% confidence
Finding
curl -sS -w "\n%{http_code}" -X POST "$WEBHOOK_URL" -H "Content-Type: application/json" -d

Credential Access

High
Category
Privilege Escalation
Content
;;
            *)
                # Save to .env file (default)
                ENV_FILE="$(dirname "$0")/../.env"
                echo "# Flomo Skill Configuration" > "$ENV_FILE"
                echo "FLOMO_WEBHOOK_TOKEN=$WEBHOOK_TOKEN" >> "$ENV_FILE"
                echo "# FLOMO_WEBHOOK_URL=$WEBHOOK_URL" >> "$ENV_FILE"
Confidence
77% confidence
Finding
.env"

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.