secondme-openclaw-notes

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill explicitly accesses a sensitive file path at {baseDir}/.credentials to retrieve an accessToken or access_token.
  • Reading files that contain authentication secrets within the agent's local directory is a high-risk operation, as these secrets could be exposed to the model context or exfiltrated through subsequent network requests.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its note creation and search functions.
  • Ingestion points: Data enters the system via note titles, content, and URLs in the Create Note tool (SKILL.md), as well as search keywords and retrieved search results in the Search Notes tool (SKILL.md).
  • Boundary markers: There are no delimiters or instructions to ignore embedded commands within the processed data.
  • Capability inventory: The skill performs HTTP GET and POST requests to external endpoints (mindos.com).
  • Sanitization: No input validation, escaping, or filtering of external content is specified before processing or sending data to the API.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 16, 2026, 03:41 AM