Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ebook

v2.0.0

Manage ebook collections, track reading progress, and export highlights using bash and Python. Use when cataloging books, logging reading sessions, or organi...

by BytesAgain2 @ckchzh
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (ebook manager, reading tracker, export highlights) align with the provided files. The script implements add/list/search/update/delete/read/progress/highlight/review/stats/export and stores data under ~/.ebook/data.jsonl, which is appropriate for the stated purpose.
Instruction Scope
SKILL.md tells the agent to run bash scripts/script.sh and documents expected behavior. The embedded Python code operates only on the local data file (~/.ebook/data.jsonl) and command-line args; there are no instructions to read unrelated system files, environment variables, or send data to external endpoints in the visible code.
Install Mechanism
No install spec is provided (instruction-only behavior plus a script file). Nothing is downloaded or installed by the skill itself, minimizing install-time risk.
Credentials
The skill declares no required environment variables or credentials. The script only uses $HOME to place its data directory; no unexpected secrets or unrelated service credentials are requested.
Persistence & Privilege
The skill is not forced-always (always:false) and does not declare any system-wide configuration changes. It persists only its own data under ~/.ebook and writes exported files as requested by the user.
Assessment
This skill appears to be a simple local ebook manager that stores data under ~/.ebook/data.jsonl and does not request network access or credentials. Before installing or running: (1) review the full scripts/script.sh file yourself (the provided listing was truncated in the prompt) to confirm there are no hidden network calls or commands you don't expect; (2) back up any existing ~/.ebook/data.jsonl to avoid accidental overwrite; (3) run the script in a sandbox/container if you want to test behavior before using it on real data; and (4) if you plan to export files, verify export paths to avoid overwriting important files.

Like a lobster shell, security has layers — review code before you run it.

latestvk97032svp3p8qt0mrv9m9cqfsx83589g
