ClawAudit verdict

ynote-clip

88
🟢 Trusted
Low risk — reviewed by ClawAudit, behavior matches stated purpose

Clips web pages to Youdao Notes using a user API key from env vars; browser automation and image processing serve the stated web clipping purpose.

⚠ Flagged for review — coarse, uncorroborated signal, not a confirmed exploit. Review the config yourself before installing.

Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.

0
security
90
transparency
90
maintenance

Findings (7)

Pattern match critical

Possible hardcoded credential

SKILL.md · code · API_KEY="your-api-key-here

Pattern match high

Accesses shell history/config

SKILL.md · code · ~/.zshrc

Pattern match high

Uses eval() — can execute arbitrary code

SKILL.md · prose · downgraded · eval(

Pattern match medium

References sudo — requests elevated privileges

SKILL.md · prose · downgraded · sudo

Pattern match medium

apk add — installs Alpine packages

SKILL.md · prose · downgraded · apk add

Pattern match medium

Base64 decode (atob) — may hide malicious payloads

static/inject-sdk.fn.js · prose · downgraded · atob(

Pattern match medium

Long base64 string (100+ chars) — likely obfuscated payload

static/inject-sdk.fn.js · prose · downgraded · dmFyIGNvbGxlY3RQYXJzZXI7KCgpPT57InVzZSBzdHJpY3QiO3ZhciBlPVtmdW5jdGlvbihlLHQsbil7

Why the tier is capped

Execution sink present in raw bytes (Hard Floor: class G). Final tier capped at Caution — cannot be lifted by any downgrade, example-payload opt-in, or allowlist.

Permissions & capabilities

Requires 1 environment variable (1 sensitive: YNOTE_API_KEY). Requires 4 system binaries (1 elevated: curl).

credential_access
