Notebook

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local notebook tool, but its file path handling and deletion behavior deserve review before installation.

Review before installing. Use simple type names such as letters, numbers, hyphens, and underscores; avoid storing secrets; keep backups of the notebook folder; and treat delete operations as permanent unless the skill is updated to add confirmation, soft delete, and strict path validation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The phrase `Say expand and I will ask questions to add depth` creates a very broad natural-language trigger that can be invoked accidentally in unrelated conversation. Because `expand` is also a documented command tied to object modification workflows, unclear scoping can cause unintended state-changing actions or prompt flows when the user did not mean to operate on notebook data.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation exposes a destructive command, `notebook delete typename title`, without warning that it removes stored notebook objects or indicating whether deletion is reversible. Users may invoke it casually or through agent assistance without understanding the data-loss consequence, increasing the risk of accidental deletion of local knowledge-base entries.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal