ClawHub

Joplin

Security checks across malware telemetry and agentic risk

Overview

This is a real Joplin note-management skill, but it gives an agent broad read/write/delete access to notes and stores credentials locally with limited safety boundaries.

Install only if you are comfortable giving the agent access to read, create, edit, search, and delete your Joplin notes. Prefer a dedicated low-privilege Joplin account if possible, keep ~/.joplin-server-config locked down, avoid JOPLIN_SKIP_TLS_VERIFY except for trusted local/self-signed setups, and require explicit confirmation before any delete-note action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents a `delete-note` command with no warning, confirmation step, or guidance to verify the target note before deletion. In an agent context, this increases the risk of accidental destructive actions and irreversible data loss if the wrong ID is supplied or inferred.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The instructions retrieve secrets from 1Password and write them into a local config file without a clear warning about exposure in shell history, logs, terminal output, or persistent plaintext storage. This can lead to credential disclosure if the environment is shared, monitored, or insufficiently locked down.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The client performs authenticated requests carrying user content and session cookies, and it supports disabling TLS certificate verification via JOPLIN_SKIP_TLS_VERIFY. In a skill/agent context, this materially increases the chance of silent data transmission to a misconfigured or attacker-controlled endpoint, and if TLS verification is disabled it enables interception or man-in-the-middle attacks.

Session Persistence

Medium
Category
Rogue Agent
Content
1. **Always run the actual commands** using the Bash tool
2. **Check for errors** in JSON responses - report any errors to the user
3. **Show real data** from the API responses
4. If config is missing, offer to retrieve from 1Password or create manually

## Setup
Confidence
86% confidence
Finding
create manually ## Setup Credentials can be configured in two ways: ### Option A: Config File Create `~/.joplin-server-config`: ```bash JOPLIN_SERVER_URL=https://your-joplin-server.com JOPLIN_EMA

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal