libby-book-monitor

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Libby/OverDrive catalog monitor that stores a local watchlist and performs disclosed read-only catalog searches.

Install only if you are comfortable storing your reading watchlist locally and sending searched book titles, authors, and library codes to OverDrive's catalog API. If you configure recurring checks or external notifications, track where that schedule is installed so you can disable it later.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence: 79%
Finding
The manifest includes broad trigger phrases like "book available", "library catalogue", and generic book/library terms, which could cause the skill to activate for ordinary reading or library-related requests outside the user’s intent to use Libby/OverDrive monitoring. Overbroad invocation increases the chance that the skill gains access to user queries, local watchlist data, or network activity in contexts where a more specific skill should not run.

VirusTotal

66/66 vendors flagged this skill as clean.
