SilverBullet API

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SilverBullet note-management integration, but it can read, change, and delete notes on the configured server.

Install only if you want an agent to access your SilverBullet space. Keep SILVERBULLET_URL pointed at the intended server, do not let untrusted content choose base_url, and require confirmation before write, append, or delete actions because they affect real notes.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Description-Behavior Mismatch

Medium, 94% confidence

Finding:
The skill’s stated purpose is markdown page management, but it also exposes a tool that retrieves SilverBullet server configuration via the /.config endpoint. That expands the accessible attack surface beyond the declared capability and may disclose sensitive operational details such as filesystem paths or server mode information that can aid reconnaissance or enable follow-on abuse.

Context-Inappropriate Capability

Medium, 95% confidence

Finding:
This code allows any caller of the tool to inspect server configuration without any apparent access control, even though that capability is not necessary for ordinary note read/write/search operations. Information like read-only state, space folder path, or index page can leak internal environment details and help an attacker better target the SilverBullet instance.

Missing User Warnings

Medium, 84% confidence

Finding:
The skill advertises a destructive deletion operation with a direct example but provides no warning, confirmation guidance, backup advice, or scope limitation. In an agent setting, this increases the chance of accidental or overbroad deletion of user notes, especially if invoked from natural-language instructions or automation.

VirusTotal

47/47 vendors flagged this skill as clean.
