Reflect Notes

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Reflect helper that writes notes and links to a user’s Reflect account with a disclosed token, with no evidence of hidden or destructive behavior.

Install only if you want an agent to add notes or links to your Reflect graph and to list Reflect links/books/graphs when asked. Keep the Reflect token private, prefer the narrowest token Reflect allows, avoid saving secrets or sensitive chat content unless intentional, and revoke the token if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill documents shell-based network operations but does not declare corresponding permissions, creating a transparency and policy-enforcement gap. In an agent environment, undeclared shell access can let the skill perform outbound actions the user or platform did not clearly authorize.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The declared purpose says the skill appends notes and creates notes, but the documentation also includes creating links and retrieving links/books/graphs. This mismatch can mislead users and security controls about the real data-access scope, increasing the risk of unintended external transmission or access to broader account metadata.

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding: The manifest description omits retrieval capabilities that are present in the body, which weakens informed consent and accurate risk review. A user expecting write-only note capture may unknowingly enable a skill that can also query saved links, books, or graph metadata.

Intent-Code Divergence

Severity: Medium
Confidence: 87%
Finding: The documentation states the API is append-only and cannot read note contents, but later advertises retrieval operations. Even if note contents remain unreadable, the wording can create a false impression that the skill performs no reads at all, while it still accesses account metadata and saved resources, which is security-relevant.

VirusTotal

66/66 vendors flagged this skill as clean.
