Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
article-bookmarker
v0.2.2
Save and organize web articles as bookmarks with AI summaries and auto-tagging. Use when the user wants to bookmark or collect articles.
by @chliny
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's files and script match the stated purpose: extracting/summarizing articles, writing markdown bookmarks, maintaining a TAG_INDEX, and optionally syncing with GitHub. However, the registry metadata marks ARTICLE_BOOKMARK_GITHUB as required and lists both 'gh' and 'git' as required binaries, even though the script treats the GitHub remote/gh usage as optional. That mismatch is inconsistent but plausibly a documentation/configuration error rather than an outright red flag.
Instruction Scope
SKILL.md instructs the agent to fetch web content, generate summaries, write files under ARTICLE_BOOKMARK_DIR, update the tag index, and invoke scripts/bookmark.sh to init/save. Those steps stay within the bookmark use case. The doc also references proxy env vars (HTTP_PROXY, etc.) which are reasonable for network fetches but are not declared in requires.env. The skill requires reading/writing any files under ARTICLE_BOOKMARK_DIR — if that path is set to a directory containing other sensitive .md files, the git operations could include them (git add *.md).
Install Mechanism
No install spec — instruction-only with an included bash helper. No arbitrary downloads or archive extraction are present. This is a low-risk install model.
Credentials
The skill asks (in metadata) for ARTICLE_BOOKMARK_DIR and ARTICLE_BOOKMARK_GITHUB. ARTICLE_BOOKMARK_DIR is necessary. ARTICLE_BOOKMARK_GITHUB is used only to enable remote sync; the script treats it as optional. Declaring the GitHub repo env var required and gh as a required binary is disproportionate. Also, remote sync relies on the host's gh CLI authentication (no explicit token env var in the skill), so if gh is authenticated on the machine the script can create repos and push content — this gives the skill an avenue to exfiltrate any markdown files present under ARTICLE_BOOKMARK_DIR. No other unrelated credentials are requested.
Persistence & Privilege
The skill is not marked always:true. It does not modify other skills or system-wide configs. It can run git/gh operations when invoked, which is expected for repo-backed bookmark management. Autonomous invocation is allowed by default on the platform, but that is not set by this skill itself.
What to consider before installing
This skill appears to implement a git-backed bookmark manager and will write/commit/push markdown files under whatever path you set in ARTICLE_BOOKMARK_DIR. Before installing or enabling it:
- Use a dedicated directory for ARTICLE_BOOKMARK_DIR (do not point it at a directory that already contains personal or sensitive .md files). The script stages all *.md in that directory.
- If you do not want remote pushes, leave ARTICLE_BOOKMARK_GITHUB unset — the script will skip remote operations. If you set ARTICLE_BOOKMARK_GITHUB, be aware the script will attempt to create and push a repo using your local 'gh' authentication.
- The registry metadata inconsistency (marking ARTICLE_BOOKMARK_GITHUB and gh as required when they are actually optional) looks like documentation/config mismatch — confirm whether the skill really needs gh and a repo for your use.
- Audit the content the agent writes before calling scripts/bookmark.sh save, and consider using a GitHub account/repo with limited privileges or a dedicated personal access token with narrowly scoped permissions.
These points explain why the package is flagged as 'suspicious' rather than 'benign' — the behavior is coherent with bookmarking, but the env/binary requirements and the push/create-repo behavior increase the risk of accidental data exposure if misconfigured.
Runtime requirements
🔖 Clawdis
Bins: gh, git
Env: ARTICLE_BOOKMARK_DIR, ARTICLE_BOOKMARK_GITHUB
