Note Skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent HTML study-note template skill, with minor privacy and routing caveats but no evidence of hidden execution, credential access, persistence, or data exfiltration.

Install only if you want an agent to generate styled HTML notes. Be aware that generated pages may contact Google Fonts and unpkg when opened, and consider narrowing the trigger words or removing remote assets if you need offline/private notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The template is advertised as a single-file HTML note page, but it loads external font and icon stylesheets from Google Fonts and unpkg. This creates network dependency, privacy leakage to third parties, and supply-chain risk if those resources are unavailable or tampered with, though it is not an immediate code-execution flaw by itself.

Context-Inappropriate Capability

Low, 83% confidence
Finding
A study-note template does not strictly require live third-party network fetches, yet this file includes them, which expands the attack surface beyond its stated purpose. In the skill context, generated notes may be shared or opened in restricted environments, so unexpected outbound requests can leak metadata and create avoidable trust and availability issues.

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The layout library is presented as a general-purpose study note template, yet multiple examples are framed around attack chains, exploit steps, and offensive security presentation patterns. In a skill that generates HTML notes, such examples can normalize or directly facilitate harmful content generation, especially because users may reuse these snippets as ready-made templates for documenting attacks.

Vague Triggers

Medium, 96% confidence
Finding
The trigger word "笔记" is extremely broad and is likely to match many ordinary requests unrelated to this specific HTML notebook-generation skill. That can cause unintended invocation or routing, leading the agent to apply this skill in inappropriate contexts and potentially transform sensitive or security-related content into polished output without clear user intent.

Vague Triggers

Medium, 95% confidence
Finding
The English trigger word "note" is highly generic and commonly appears in normal conversation, making accidental activation likely. In an agent environment, such overbroad matching can misroute user requests, apply the wrong workflow, and unexpectedly pull in this skill when the user did not ask for HTML notebook rendering.

VirusTotal

64/64 vendors flagged this skill as clean.
