ClawHub

note-test1-limingzhi

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed IMA notes connector that can read and add to private notes using the user's IMA credentials.

Install this only if you want an agent to manage your IMA notes. Treat the IMA API key as sensitive, avoid using it in shared contexts, and confirm the target notebook/note and content before allowing create or append actions, especially for ambiguous requests like “save this” or “add this.”

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

High
Confidence
95% confidence
Finding
The trigger guidance is overly broad and can activate on generic phrases like '帮我记一下' or references to prior writing, causing the agent to route ordinary conversation or unrelated personal-document requests into a note-reading/writing capability. In context, this can lead to unintended access to private notes or unintended persistence of user content to an external service without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The top-level trigger guidance is very broad, including generic phrases like saving, recalling, or handling personal documents. In an agent environment, this can cause the skill to activate for ambiguous requests and expose private note metadata or content, or initiate note operations the user did not clearly intend.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The endpoint-specific trigger descriptions are underspecified and rely on vague natural-language cues such as '查看' or '添加到笔记里' without guardrails for confirmation, identity, or object selection. This increases the chance of the wrong notebook or note being read or modified, especially when multiple candidate notes exist.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description advertises note creation and append capabilities but does not prominently warn that these operations modify persistent user data. In practice, an agent may treat 'save this' or similar phrasing as sufficient authorization, leading to unintended writes to the user's notes.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal