Ebook

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local ebook tracker, but users should know it runs a Bash/Python script that stores, edits, exports, and can delete local ebook records.

This skill looks coherent for local ebook management. Before installing, be comfortable with it creating ~/.ebook/data.jsonl, storing your reading history and highlights there, and running update/delete/export commands when asked. Back up the data file if you care about preserving your collection.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Low
What this means

Installing or using the skill allows the agent to run the included local ebook-management script.

Why it was flagged

The skill is explicitly designed to run a local Bash script, with embedded Python shown in the script artifact. This is expected for the stated purpose, but users should recognize it executes local code.

Skill content
Run via: `bash scripts/script.sh <command> [options]`
Recommendation

Use it only from a trusted source and invoke commands intentionally, especially commands that modify or export data.

ASI02: Tool Misuse and Exploitation
Low
What this means

If the delete command is used on the wrong ID, local ebook records and related notes can be removed.

Why it was flagged

The delete command removes the selected book and related sessions, highlights, and reviews. This is purpose-aligned and documented, but it is a real local data mutation.

Skill content
records = [r for r in records if not (r.get("id") == book_id or r.get("book_id") == book_id)]
Recommendation

Confirm book IDs before update or delete operations, and keep a backup of ~/.ebook/data.jsonl if the collection is important.

ASI06: Memory and Context Poisoning
Low
What this means

Reading history and highlights remain on disk and may be shown or exported later.

Why it was flagged

The skill maintains persistent local records that may include personal reading history, annotations, and review text. This persistence is disclosed and central to the purpose.

Skill content
All ebook records, reading sessions, highlights, and reviews are stored in `~/.ebook/data.jsonl`.
Recommendation

Avoid storing sensitive private passages or notes unless you are comfortable keeping them in ~/.ebook/data.jsonl, and review exports before sharing them.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

The skill may fail or behave differently on systems without the expected Bash/Python runtime, and the metadata does not preflight those requirements.

Why it was flagged

The registry metadata does not declare required binaries, while the skill documentation lists Python and Bash prerequisites and the script invokes python3. This is an under-declared setup dependency rather than evidence of malicious behavior.

Skill content
Required binaries (all must exist): none
Recommendation

Ensure Bash and Python 3 are installed before use; maintainers should declare these binaries in metadata.