Notes Reminders

Security checks across malware telemetry and agentic risk

Overview

This notes and reminders skill has a reasonable purpose, but it references missing helper scripts and can post reminder text to channels without clear safeguards.

Review before installing. Only use this skill if you know where the required scripts will come from and are comfortable confirming the exact channel, account, message text, and timezone before any reminder can post into a chat space.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill instructs sending reminder contents to an external channel when reminders fire, but it does not disclose that user-provided message text will be transmitted outside the local note/reminder store. Because reminder messages may contain sensitive content, this can cause unintended disclosure to Slack or another messaging destination, especially if the channel ID is wrong, stale, or broader than the user expects.

Natural-Language Policy Violations

Medium
Confidence: 81%
Finding
Forcing all natural-language time expressions to Asia/Tokyo without checking the user's actual timezone can cause reminders to fire at unintended times. While primarily an integrity and reliability issue rather than direct code-execution risk, mistimed reminders can still lead to missed meetings, accidental disclosures at the wrong time, or operational mistakes.

VirusTotal

65/65 vendors flagged this skill as clean.
