Jina Reader

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: jina-reader
Version: 0.0.1

The skill bundle is classified as suspicious due to a critical shell injection vulnerability found in `scripts/reader.sh`. In the 'read' mode, the `INPUT` variable is directly interpolated into the `curl` command's URL argument without proper shell escaping (e.g., `"https://r.jina.ai/${INPUT}"`). This allows an attacker to inject arbitrary shell commands by crafting the `INPUT` string, leading to potential Remote Code Execution (RCE). While the 'search' and 'ground' modes correctly sanitize input using `jq`, the 'read' mode's oversight poses a significant security risk. There is no evidence of intentional malicious behavior such as data exfiltration or persistence mechanisms.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

URLs, searches, and statements you ask the skill to process are shared with Jina AI for extraction, search, or grounding.

Why it was flagged

The script sends the user-provided URL, search query, or fact-check statement to Jina API endpoints. This is disclosed and core to the skill, but it means Jina receives the submitted content.

Skill content

curl -sS "${HEADERS[@]}" "https://r.jina.ai/${INPUT}" ... "https://s.jina.ai/${ENCODED_QUERY}" ... -X POST "https://g.jina.ai/" -d "$(jq -n --arg s "$INPUT" '{statement: $s}')"

Recommendation

Avoid submitting private/internal URLs or sensitive statements unless you are comfortable with Jina processing them.

What this means

If you set JINA_API_KEY, requests made by this skill may count against your Jina account limits or billing.

Why it was flagged

The script reads the optional JINA_API_KEY environment variable and sends it as a bearer token to Jina. This is expected for the service but gives the skill access to use that key for Jina requests.

Skill content

API_KEY="${JINA_API_KEY:-}" ... HEADERS+=(-H "Authorization: Bearer $API_KEY")

Recommendation

Use a dedicated or revocable Jina API key, avoid exposing it in shared shells or logs, and monitor account usage if cost matters.