Hardcover.app skill for tracking books you're reading, reading goal, and finding books you'd love to read

Pass. Audited by ClawScan on May 1, 2026.

Overview

This instruction-only skill is coherently focused on read-only Hardcover.app book and reading-list queries, with the main thing to notice being that it uses your Hardcover API token and can retrieve personal reading data.

This skill appears safe and purpose-aligned for querying Hardcover.app. Before using it, understand that your Hardcover API token lets the agent retrieve your reading-library information; review outputs before sharing or syncing them elsewhere.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or using the skill means the agent can use your Hardcover token to read account-linked Hardcover data that the token is authorized to access.

Why it was flagged

The skill requires a Hardcover API token and uses it as a bearer credential for authenticated account access.

Skill content

- **Env variable:** `HARDCOVER_API_TOKEN` from https://hardcover.app/settings
...
All queries require `Authorization: Bearer {token}` header

Recommendation

Use a token you are comfortable granting to the agent, revoke it if no longer needed, and avoid sharing outputs that contain private reading history or notes.

What this means

Your reading lists, progress, ratings, reviews, or goals could be copied into another destination if you ask the agent to sync them.

Why it was flagged

The skill may retrieve Hardcover data for use in another system, which is purpose-aligned but creates a data-sharing boundary the user should notice.

Skill content

Also use for syncing reading data to other systems (Obsidian, etc.)

Recommendation

Confirm the destination and scope before syncing, especially for private reviews, reading journals, or lists.