ClawHub

Notes Export Api

Security checks across malware telemetry and agentic risk

Overview

This skill is a Markdown-to-PNG exporter, but it can automatically send note contents and referenced local files to a remote service without a runtime opt-in.

Review before installing. Use an explicit local endpoint when possible, avoid private notes unless you are comfortable sending them to the configured export service, and inspect any .env files because this script sources them during execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill describes capabilities to read local files, invoke shell scripts, and make network requests, including probing localhost and optionally sending Markdown content and local images to a remote service, yet it declares no corresponding permissions. This is dangerous because users and calling systems are not given an accurate trust boundary: sensitive local content may be read and transmitted without explicit authorization metadata.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill explicitly states it will automatically upload local images referenced by Markdown and, if localhost is unavailable, fall back to a public remote export API, but it does not prominently warn that note contents and embedded local assets may leave the machine. This creates a real data-exposure risk because notes often contain sensitive text, screenshots, paths, or internal documents, and the fallback behavior can transmit them externally without meaningful user awareness.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script transmits full Markdown content to an HTTP API and, when a Markdown file contains local image references, uploads those local files to a backend as well. Because it auto-selects a remote default endpoint and performs these uploads without an explicit consent prompt or prominent warning at execution time, users may unintentionally exfiltrate sensitive notes or local images.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal