Back to skill
Skillv1.0.1
VirusTotal security
UpNote · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:42 AM
- Hash
- c176b16313268e1f3f617916dea8c875da036cac839e4d20a689c70ef066eb25
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: upnote Version: 1.0.1 The skill bundle is benign. The `SKILL.md` provides clear, non-malicious instructions for the AI agent to manage UpNote notes and notebooks. The `scripts/upnote.sh` script correctly uses `urlencode` for all user-controlled string inputs (like titles, text, notebook names, tags, and search queries) before constructing `upnote://x-callback-url` commands. This prevents shell injection vulnerabilities. The script's functionality is limited to interacting with the UpNote application via its documented x-callback-url scheme, with no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts to subvert the agent's intended purpose.
- External report
- View on VirusTotal