Sumo Smart Note

Security checks across malware telemetry and agentic risk

Overview

This skill transparently saves requested notes to local workspace files and a disclosed SumoNoteBook shared folder, with privacy cautions but no hidden or destructive behavior found.

Install only if you want note commands to create local markdown files in both the OpenClaw workspace memory folder and the SumoNoteBook raw/shared folder. Avoid recording credentials, private customer data, proprietary details, or other sensitive material unless that shared folder is appropriate for it, and verify OPENCLAW_WORKSPACE plus the hard-coded SumoNoteBook path before first use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (5)

Tainted flow: 'filepath' from os.environ.get (line 45, credential/environment) → open (file write)

Medium

Category: Data Flow
Content: else: new_content = content with open(filepath, 'w', encoding='utf-8') as f: f.write(new_content) print(f"[OK] Saved to workspace: {filepath}")
Confidence: 91% confidence
Finding: with open(filepath, 'w', encoding='utf-8') as f:

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill describes file and environment-capable behavior, including local persistence and synchronization to an external/shared path, but does not declare permissions or boundaries. This creates a transparency and policy-enforcement gap: users and the platform cannot reliably assess or constrain what data the skill can read or write.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The trigger phrases are common conversational expressions such as '記下來' and '寫下來', which can easily occur in normal dialogue without the user intending to activate persistent note capture. Because activation leads to storage and synchronization, accidental triggering can cause unintended recording of sensitive or private content.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill advertises automatic saving of development notes to both the workspace and a shared external notebook location without a clear privacy warning, consent flow, or data classification guidance. This is dangerous because conversations and development notes often contain secrets, internal code details, credentials, or personal data that may be copied to a broader-access location without the user's informed approval.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The instructions explicitly direct the agent to persist and synchronize conversation and development content to shared storage in natural language, effectively encouraging broad data exfiltration from the chat context into a secondary repository. In this skill context, that is especially risky because the stored material may include sensitive debugging details, proprietary project information, or secrets, and the destination is a shared path rather than a user-private location.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal