v1.0.0

Read Tool

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:56 PM.

Analysis

This is a very small input utility, but its advertised silent password mode is not implemented and could cause secrets to be echoed or printed.

GuidanceReview this carefully before installing. It appears simple and does not show exfiltration or persistence, but its password/silent-mode documentation does not match the included code. Do not use it for secrets unless the implementation is fixed and tested.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

SKILL.md

Supports prompts, timeouts, and silent input mode for passwords.

The documentation advertises a safety-relevant silent password mode, but the included script only does `print(input(prompt), end='')` and has no option parsing for `-s`; users or agents relying on the documented behavior could expose a password in the terminal or stdout.

User impactA user may believe password input will be hidden, but the supplied implementation does not provide that protection.

RecommendationDo not use this skill for passwords or secrets unless the implementation is fixed to support silent input correctly and the documentation matches the code.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

read-tool -s -p "Password: " PASS

The skill explicitly includes password capture as a supported use case. That is purpose-aligned for an input utility, but it means the tool may handle sensitive credentials typed by the user.

User impactSensitive text entered into this tool could be exposed to the terminal, stdout, shell history patterns, logs, or downstream scripts depending on how it is invoked.

RecommendationAvoid entering real credentials unless the tool is corrected, reviewed, and used in a context that does not log or display the captured value.