Openclaw
Pass
Audited by ClawScan on May 10, 2026.
Overview
BKMRK is a coherent bookmark-management integration, but it uses a BKMRK API key, sends bookmark content to Claude, and may return prompts that should be reviewed before execution.
Install only if you trust BKMRK with your bookmark library and are comfortable with bookmark content being analyzed by Claude. Keep the API key private, review batch status/project changes before applying them, and inspect any staged executable prompt before allowing an agent to act on it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with the API key could access or modify the user's BKMRK library according to the API's permissions.
The skill needs a service API key that can authenticate requests to the user's BKMRK account. This is expected for the integration, but it is sensitive account access and is not declared in the registry metadata as a primary credential.
All requests require the user's BKMRK API key as a header: X-API-Key: {BKMRK_API_KEY}
Treat the BKMRK API key like a password, provide it only when needed, and rotate it if it is exposed.
An agent could mark items done, staged, or trashed in the user's BKMRK library if instructed or if the user approves such actions.
The documented API can mutate bookmark state, including batch status changes and trashing items. This is part of the stated management purpose, but it is still account mutation authority.
Manage Card Status... Batch update: { "items": [ { "bookmark_id": "<uuid>", "status": "done" }, { "bookmark_id": "<uuid>", "status": "trashed" } ] }
Review proposed batch changes before applying them, especially actions that mark items done or trashed.
Bookmark content and project-analysis instructions may influence future BKMRK analysis and may be processed by the external AI service.
The service sends bookmark-derived content to Claude and supports persistent project-specific persona/scoring instructions that affect later analysis. This is disclosed and purpose-aligned, but it involves third-party processing and persistent context that can shape future outputs.
All content is sent to Claude uncapped for analysis... Optional persona fields: analysis_persona — A role description injected into Claude's system prompt
Avoid submitting private or sensitive URLs unless you are comfortable with BKMRK and Claude processing them, and periodically review project persona/scoring settings.
A returned prompt could ask the agent to make changes that go beyond what the user intended if it is followed blindly.
The skill may retrieve AI-generated or bookmark-derived 'executable prompts' for staged items. That is central to the product workflow, but such prompts should be treated as untrusted recommendations unless the user explicitly approves them.
Submit URLs, assign projects, trigger deep analysis, and execute staged items... Returns scores, statuses, per-project analyses, and executable prompts.
Require explicit user review before executing staged prompts, and do not let bookmark-derived text override the user's current instructions or safety constraints.
