Back to skill

Security audit

WeRead to flomo

Security checks across malware telemetry and agentic risk

Overview

This skill clearly syncs local WeRead notes to a user-provided flomo webhook, but users should avoid providing the unused WeRead cookie unless the maintainer documents why it is needed.

Use --dry-run first, prefer today/date mode before all-mode, and verify the flomo webhook value before running a live sync. Do not provide or store a WeRead session cookie for this skill unless the maintainer explains why it is required, because the included script only processes already-exported Markdown files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation instructs the user to run a local script that reads Markdown files, writes a state file, and sends data to an external webhook, but the skill declares no corresponding permissions. This creates a transparency and trust problem: users and platforms cannot accurately assess that the skill performs file access and network exfiltration of note contents before use.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends parsed WeRead highlights and notes to a user-supplied external webhook, which is an exfiltration of potentially sensitive reading data. In the context of this skill, that behavior is expected functionality, but the code provides no confirmation, domain validation, or disclosure guardrails, so a mistaken or malicious webhook value could leak private content to an unintended third party.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.