Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Blog to Kindle

v1.0.0

Scrape blogs/essay sites and compile into Kindle-friendly EPUB with AI-generated cover. Use for requests to download blogs for Kindle, compile essays into ebook, or send blog archives to Kindle. Supports Paul Graham, Kevin Kelly, Derek Sivers, Wait But Why, Astral Codex Ten, and custom sites.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (scrape blogs → EPUB → Kindle) matches the included scripts. However, the skill fails to declare required runtime pieces the scripts clearly need (the pandoc binary, Python packages like httpx and BeautifulSoup, and a macOS Mail/osascript environment). The use of an external 'nano-banana-pro' skill for cover generation is expected for cover creation but is not declared as a dependency.
Instruction Scope
SKILL.md and references/manual-workflow.md instruct actions beyond simple fetching/compiling: AppleScript via Mail.app (macOS-only) to send mail, manual keychain access in the cover-generation example (security find-generic-password to fetch GEMINI_API_KEY), and an instruction to always generate a cover via another skill. Those steps access system components (keychain, Mail.app) and call other skills/tools that are not listed as required, increasing scope and potential for accidental exposure.
Install Mechanism
There is no install spec (instruction-only), which lowers risk, but the package contains runnable Python scripts. The repository does not declare or install dependencies (httpx, bs4), nor does it declare that pandoc and osascript/Mail.app are required. Lack of declared dependencies is a usability and security concern because users may run scripts in an environment that behaves differently than expected.
Credentials
The skill declares no environment variables or credentials, yet the manual workflow shows retrieving GEMINI_API_KEY from keychain and the SKILL.md refers to `nano-banana-pro` (which likely needs an API key). The most notable red flag is the hard-coded default Kindle email (simonpilkington74_8oVjpj@kindle.com) embedded in documentation and scripts; that could cause accidental delivery to a third party if the user doesn't replace it. No other broad credentials or system paths are requested by the scripts themselves, but implicit reliance on keychain/API keys is present without justification.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. State is written only to a user-scoped path (~/.clawdbot/state/blog-kindle/), which is reasonable for tracking fetch/sent status. It does not modify other skills or system-wide configuration.
What to consider before installing
What to consider before installing and running this skill:
- Missing runtime requirements: The scripts expect a macOS Mail.app/osascript environment and external tools (pandoc) and Python libraries (httpx, BeautifulSoup). Don’t run blindly — install and audit dependencies (pip install httpx bs4 or use a venv) and ensure pandoc is from a trusted source.
- Replace the default Kindle address: The scripts and docs include a hard-coded Kindle email (simonpilkington74_8oVjpj@kindle.com). Change it before sending anything — otherwise you may accidentally send content to someone else.
- Keychain/API usage is implicit: The manual workflow shows retrieving GEMINI_API_KEY from the macOS keychain to drive a cover-generation skill. If you follow that path, inspect the nano-banana-pro skill and confirm how it uses any API keys before allowing it access to your keychain or secrets.
- macOS-specific behavior: Sending relies on Mail.app via AppleScript. If you’re not on macOS or prefer not to use your Mail.app account, modify send_to_kindle.py to use an alternative (SMTP with explicit credentials that you control) or test via a local sandbox first.
- Test safely: Run fetch/compile steps on a small site or a local HTML snapshot first. Inspect ~/.clawdbot/state/blog-kindle/ for what the skill writes. Avoid enabling any autonomous invocation or automation until you’re comfortable with its behavior.
- Provenance and audit: The skill's source/homepage is unknown. If you don’t know or trust the owner, review the included scripts line-by-line (they’re short) before use. Consider running in an isolated VM/container and not granting any keychain/API access until you verify the other skills it depends on.
If you want, I can: (a) list the exact dependencies and commands to set up a safe environment to run this skill, (b) suggest a patched send_to_kindle.py that prompts for the Kindle address instead of using the hard-coded default, or (c) scan the scripts for specific strings/hosts to look for potential exfiltration points.


