X To Notebook

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform its stated bookmark-to-NotebookLM sync, but it relies on reusable X session cookies and can transfer private bookmark content with limited safeguards.

Install only if you are comfortable exporting X session cookies and copying bookmark text and URLs into Google NotebookLM. Protect the cookie file like a password, avoid unattended cron sync until you have reviewed folder routing, and confirm which notebooks will receive which bookmark folders before syncing sensitive material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Intent-Code Divergence

Medium
Confidence: 83%
Finding
The code comments and control flow treat folder_id=None as an 'Unfiled' bucket, but fetch_folder_bookmarks documents that None fetches all bookmarks. This can cause bookmarks from all folders to be routed into the notebook matched to 'Unfiled', creating unintended cross-notebook data disclosure and duplication of sensitive bookmark content.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
This script imports and persistently stores X/Twitter cookies, which are authentication secrets that can enable account access without re-entering credentials. In the context of a bookmark-sync skill, collecting and saving raw session cookies is broader and more dangerous than the stated functionality requires, and storing them unencrypted under the user's home directory increases the risk of credential theft by other local processes or users.

Missing User Warnings

Medium
Confidence: 92%
Finding
The setup instructions ask the user to export authenticated X.com cookies into a local JSON file without clearly warning that these cookies may grant account access equivalent to a live session. Storing session cookies in a predictable path increases the risk of credential theft, accidental disclosure, or misuse by other local tools or users.

Vague Triggers

Medium
Confidence: 87%
Finding
The invocation phrases like "push my bookmarks" and "sync bookmarks to notebook" are broad enough to match normal user speech without making the external data transfer explicit. That can cause the skill to trigger unexpectedly and send bookmark content to NotebookLM when the user did not clearly intend this specific cross-service action.

Missing User Warnings

Medium
Confidence: 96%
Finding
The description does not clearly warn that bookmark contents and X URLs will be transmitted into a third-party service, NotebookLM. Because bookmarks may contain sensitive or private research material, the lack of an upfront disclosure increases the risk of unintentional data exfiltration.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script reads X authentication cookies from a fixed path in the user's home directory and uses them for authenticated access, but the file itself contains no user-facing disclosure or consent mechanism. In an agent skill context, silent use of stored auth material is security-sensitive because it can access private account data without making that trust boundary explicit to the user.

Missing User Warnings

Medium
Confidence: 93%
Finding
The code performs an authenticated request to fetch bookmark data from X using the loaded cookies, which accesses potentially private user content. In a skill that auto-syncs bookmarks to another service, undisclosed authenticated collection increases the risk of users unknowingly exporting private reading history or sensitive saved posts.

VirusTotal

66/66 vendors flagged this skill as clean.