Weread Reading Recommender

Security checks across malware telemetry and agentic risk

Overview

This skill locally exports and normalizes a user's WeRead reading history for recommendations, with sensitive cookie use that is expected for the purpose and mostly disclosed.

Install only if you are comfortable letting the skill use a local WeRead session cookie to fetch your reading data from WeRead. Keep the cookie private, prefer an environment variable or protected local file over pasting it into commands, and store or delete the exported JSON carefully because it can reveal your reading history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill directs the agent to access local environment variables, read cookie files, write exported JSON, and invoke scripts that likely make network requests, yet it declares no permissions or user-consent boundary. In a skill that handles authentication cookies and local files, this mismatch is dangerous because the agent may perform sensitive actions without explicit authorization, increasing the risk of secret exposure, unintended data export, or overbroad file/env access.

Missing User Warnings

Medium
Confidence: 91%
Finding
The spec requires reading a local cookie and calling WeRead endpoints, but it does not explicitly warn users that their cookie will be transmitted to remote WeRead services to perform the export. In a credential-handling skill, missing disclosure can mislead users about the privacy and authentication implications of the workflow, increasing the chance of unsafe consent or mishandling of account-bound session tokens.

VirusTotal

66/66 vendors flagged this skill as clean.
