Clinkding - Linkding Bookmark Integration
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the agent could delete bookmarks or other Linkding records the user intended to keep.
The skill documents commands that can permanently delete bookmark data. This is aligned with bookmark management, but it is a high-impact action users should review before approving.
# Delete permanently clinkding bookmarks delete 42
Confirm bookmark IDs and intended changes before allowing delete, archive, update, upload, or bundle/tag modification commands.
Anyone or anything with access to the configured token may be able to read or modify the user's Linkding bookmarks depending on that token's permissions.
The skill requires a Linkding API token for account access. This is expected for the integration, but the token grants delegated access to the user's Linkding data.
clinkding config set token YOUR_API_TOKEN
Use a dedicated, least-privilege Linkding token if available, store it securely, and rotate it if it may have been exposed.
A future upstream package change could alter the behavior of the installed CLI compared with the instructions reviewed here.
The Go install path uses @latest, which means the installed code can change over time. This is a common CLI install pattern, but it is not pinned to a specific reviewed version.
go | module: github.com/daveonkels/clinkding@latest
Install from a trusted upstream source and consider pinning to a known version if reproducibility is important.
Search results or bookmark details may expose personal or sensitive URLs, notes, tags, and reading history to the agent session.
The skill retrieves personal bookmark titles, descriptions, and tags into the agent workflow. This is central to the purpose, but bookmark metadata can reveal private interests or work context.
Searchable library - Full-text search across titles, descriptions, tags
Avoid asking the agent to retrieve sensitive bookmark collections unless you are comfortable with that information appearing in the conversation context.