v1.0.2

Notebook

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:52 AM.

Analysis

Notebook is mostly a coherent local YAML notebook, but its file paths use user-defined type names without validation, which could let malformed type names write notebook files outside the intended folder.

Guidance: Before installing, prefer a version that validates object type names and guarantees all notebook files stay inside the intended data directory. If you use it, choose simple type names like tasks or projects, avoid storing passwords or secrets, and confirm where the local notebook folder is being created.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
lib/store.js
// Excerpt quoted by the scan; `type` is the caller-supplied object type name.
function getObjectPath(type, id) {
  // `type` is joined into the path with no check for separators or '..'
  const typeDir = path.join(OBJECTS_DIR, type);
  if (!fs.existsSync(typeDir)) fs.mkdirSync(typeDir, { recursive: true });
  return path.join(typeDir, `${id}.yaml`);
}
...
const filePath = getObjectPath(typeName, id);

The user-defined type name is used directly as a path segment for directory creation and YAML file writes. The artifacts do not show validation that blocks path separators or '..', so a malformed type name could place notebook files outside the intended objects directory.

User impact: A bad or adversarially chosen object type name could cause the skill to create directories and notebook YAML files in unexpected local paths instead of only inside the notebook data folder.
Recommendation: Restrict type names to safe slugs such as letters, numbers, dashes, and underscores; reject path separators and '..'; normalize paths and verify the final path stays under the notebook objects directory before creating, updating, or deleting files.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
Purpose: Track any object type you define such as ideas, projects, tasks, habits, books, and people.
...
Data Location
/data/notebook/

The skill is designed to persist arbitrary personal knowledge locally, including potentially sensitive notes about people, tasks, habits, and projects.

User impact: Notebook entries may contain private information and can be retrieved or reused later by the agent during notebook workflows.
Recommendation: Treat notebook content as persistent local memory: avoid storing secrets or credentials, review entries before sharing output, and treat stored notes as user data rather than authoritative instructions.