Bookworm
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may need to manually confirm what command will run before using the documented `bookworm` examples.
The artifacts also ship `scripts/script.sh` and document a `bookworm` CLI, so the installer/command mapping is under-specified. This is not evidence of malicious behavior, but users should verify the local setup path.
No install spec — this is an instruction-only skill.
Install or invoke only the reviewed local script, and avoid ad-hoc shell aliases or wrappers from unverified sources.
Anything you log may remain on disk and be visible to anyone or any process with access to your local user files.
The skill keeps persistent plain-text logs and exports of user-entered content. That is purpose-aligned for a logging tool, but the entries may contain personal reading habits, plans, reminders, or notes.
All data is stored in `~/.local/share/bookworm/` ... `history.log` ... `export.json` / `export.csv` / `export.txt`
Avoid logging secrets or highly sensitive personal information, and periodically review or delete `~/.local/share/bookworm/` if you no longer need the records.