v1.0.0

Ima Skills 1.0.4

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:19 AM.

Analysis

This appears to be a coherent IMA notes integration, but it uses an API key to read and write private notes, so users should verify the publisher and handle credentials carefully.

Guidance: Install this only if you trust the publisher and intend to let the agent access your IMA notes. Use official IMA API credentials, store them securely, and review create/append actions before they are sent.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
| Create a new note | `import_doc` ... | Append content to an existing note | `append_doc` |

The skill exposes direct API write operations for creating and appending notes. This is part of the stated purpose, but it changes persistent user data.

User impact: A mistaken or overly broad instruction could create an unwanted note or append unwanted content to an existing note.
Recommendation: For create or append actions, verify the target note/folder and content before allowing the agent to proceed.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: Medium; Status: Note
_meta.json
"ownerId": "kn7fpa7e88ngzptwrczstadp5h831pc9", "slug": "ima-skills", "version": "1.0.4"

The bundled metadata differs from the supplied registry metadata, which lists a different owner ID, slug, and version. This is a provenance/versioning ambiguity for a credential-using skill.

User impact: Users may have less assurance that the installed artifact corresponds exactly to the registry entry or expected publisher.
Recommendation: Verify the skill publisher, version, and homepage before installing and before adding IMA API credentials.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
requires: { "env": ["IMA_OPENAPI_CLIENTID", "IMA_OPENAPI_APIKEY"] } ... -H "ima-openapi-apikey: $IMA_OPENAPI_APIKEY"

The skill requires IMA API credentials and uses them in request headers, which is expected for the service but grants the agent access to the user's note account.

User impact: The agent/runtime with these environment variables can use the IMA API to access the user's personal notes.
Recommendation: Use credentials created from the official IMA interface, keep them private, revoke or rotate them if exposed, and avoid sharing the environment with untrusted tools.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Supports reading (search, list, get content) and writing (create, append) ... Note content is the user's private data

The skill brings private note content into the agent context and can persist new or appended note content. The artifact acknowledges that note content is private.

User impact: Private notes may be read into a conversation or used as context, and newly created/appended notes will persist in the user's IMA account.
Recommendation: Ask the agent to read or write notes only when intended, limit how much note content is displayed, and do not treat retrieved note text as instructions unless the user explicitly asks for that.