ClawHub

Kindle Clip CLI

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it too readily saves or shares potentially private Kindle notes and uses a risky install pattern.

Review before installing. Prefer manual or package-manager installation over running the piped shell installer. Use exports only when you intentionally want saved files, choose private locations, avoid synced/shared folders unless desired, and review or redact notes before sending summaries to Telegram or any other external service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The example explicitly encourages exporting Kindle highlights and notes to a local Markdown file without any caution that the output may contain sensitive personal reading history, annotations, or research material. In an agent setting, this can normalize creating files on disk that persist private data beyond the immediate session, increasing the risk of unintended disclosure, syncing, backup exposure, or later misuse.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guidance to 'always export to a file' for long outputs promotes persistent storage of potentially sensitive Kindle data as a default behavior, without discussing consent, safe locations, or retention. For AI agents, this is more dangerous because it can turn a routine read/query action into an unsolicited write operation that creates privacy and data-handling risks.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The install instructions recommend piping a remotely fetched script directly into `sh`, which executes unreviewed network content immediately. If the remote script, repository, or transport path is compromised, users could execute arbitrary code on their system without an opportunity to inspect it first.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documented workflow exports Kindle notes, summarizes them, and sends the result to Telegram, which is an external service, without any warning about privacy, consent, or data sensitivity. Reading highlights and notes can contain sensitive personal, professional, or copyrighted content, so encouraging automated transmission increases the risk of unintended data disclosure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly instructs agents to "Always use --export-md," which encourages writing potentially sensitive Kindle highlights and notes to local files by default. Reading notes can contain personal interests, annotations, quotes, and other sensitive material, so automatic persistence increases the chance of unintended disclosure through shared directories, backups, sync services, or later access by other local users/processes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal