ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Provenote MCP Outcome Workflows

v1.1.1

Teach an agent to install Provenote's first-party MCP server, connect it in a host, and run read-first outcome workflows.

0· 73·0 current·0 all-time
byYifeng[Terry] Yu@xiaojiou176
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the instructions: the packet teaches how to install, launch, and wire a first‑party Provenote MCP server and run read‑first workflows. One inconsistency: INSTALL.md lists 'uv' as a required binary and a specific GitHub repo to clone, but the registry metadata reported 'required binaries: none' — the skill will in practice need 'git' and 'uv' (and network access) to follow the install steps.
Instruction Scope
SKILL.md and the references clearly confine actions to cloning the Provenote repo, launching its MCP server (via 'uv run provenote-mcp'), editing host MCP config snippets, and performing read-first tool calls (draft.list, research_thread.list, auditable_run.list). The instructions do not ask the agent to read unrelated system files or exfiltrate credentials, but they do require the agent/host to run shell commands and fetch code from an external GitHub repo (https://github.com/xiaojiou176-open/provenote.git).
Install Mechanism
This is instruction-only (no install spec), which lowers install-surface risk. However, the INSTALL.md guides cloning an external GitHub repository and running 'uv sync' / 'uv run', which will pull and execute code from that repo — a normal pattern for installing software but one that requires the host reviewer to vet the external source and the 'uv' tool.
Credentials
The skill declares no required environment variables or credentials and its runtime instructions do not reference secrets. It does require filesystem and shell access on the host (editing/pointing configs at a local clone and launching the server), which is appropriate for the stated purpose.
Persistence & Privilege
No elevated platform privileges are requested: always:false, user-invocable, and the packet does not attempt to modify other skills or system-wide agent configs. It only instructs configuring the host's MCP server entries (which is expected).
Assessment
This skill appears coherent for teaching a local Provenote MCP workflow, but before installing you should: (1) verify the provenance of the GitHub repo it asks you to clone (https://github.com/xiaojiou176-open/provenote.git) and review its code, (2) ensure the 'uv' tool and 'git' are available and trustworthy on your host, (3) run the server in an isolated/sandbox environment if possible (it will execute code from the cloned repo), and (4) update the provided OPENCLAW/OPENHANDS config snippets to point only at safe, intended paths. The metadata omission about required binaries (uv/git) is minor but worth correcting; if you cannot review the external repo, avoid launching the server on sensitive infrastructure.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dt1nt1gs838vsey063e4wp584gnfqmcpvk97dt1nt1gs838vsey063e4wp584gnfqnotesvk97dt1nt1gs838vsey063e4wp584gnfqoutcomesvk97dt1nt1gs838vsey063e4wp584gnfqprovenotevk97dt1nt1gs838vsey063e4wp584gnfqresearchvk97dt1nt1gs838vsey063e4wp584gnfq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments