ClawHub

Apple Notes Snapshot Control-Room

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent, but it deserves review because it directs agents to run an external Apple Notes tool and load a recurring local backup job without clearly documenting consent, scope, or removal steps.

Install only if you intend to let a trusted local agent help operate Apple Notes Snapshot on your Mac. Before allowing the workflow, review the referenced `notesctl` repository and ask the agent to show exact commands. Do not allow the install/load step unless you want a recurring backup job and know how to disable or remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrase "apple notes snapshot" is broad enough to match ordinary discussion about the product rather than an actual request to invoke this skill. In an agent environment, over-broad triggers can cause unintended activation, leading the model to apply specialized instructions in the wrong context and potentially perform unsafe or misleading workflow guidance.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrase "ai diagnose" is too generic and can collide with unrelated requests about AI-based diagnosis in other projects or domains. This increases the chance of accidental skill invocation, which can redirect the agent into repository-specific operational advice when the user intended something else.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrase "local web api" is highly generic and could match many unrelated tasks involving local APIs. In a multi-skill system, this ambiguity can cause misrouting to this skill, producing incorrect instructions and weakening skill-boundary enforcement.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrase "attach proof" is vague and lacks enough semantic context to uniquely identify this workflow. Because it can plausibly appear in unrelated discussions, it risks accidental invocation and may cause the agent to expose or apply this skill's internal proof-path guidance outside its intended scope.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal