ClawHub

Hardcover Bookshelf Skill

Security checks across malware telemetry and agentic risk

Overview

This skill transparently connects to Hardcover to read and update a user's bookshelf, with no hidden persistence, unrelated data access, or deceptive behavior found.

Install this only if you want an agent to use your Hardcover API token to view and update your Hardcover bookshelf. Treat start and finish prompts as account-changing actions, and revoke or rotate the token if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill invokes local code and makes authenticated network requests using an environment secret, but it does not declare explicit permissions. That mismatch weakens platform-level review and user understanding, increasing the chance the skill is invoked with capabilities the operator did not clearly approve. In this context the risk is real because the skill can read a bearer token and perform state-changing actions against a user's Hardcover account.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The trigger guidance is broad enough to match generic 'reading' or 'books' requests, which can cause unintended invocation of a skill that reads a secret and performs account mutations. Misrouting is more dangerous here than in a read-only skill because commands like start/finish can change user state once selected. The skill does include some ambiguity handling for titles, but that does not mitigate overly permissive activation criteria.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal