ClawHub

Ebook Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent ebook search helper, but its download script weakens HTTPS verification for the public ebook index.

Install only if you are comfortable with a skill that contacts a public GitHub Pages catalog, stores a local ebook index cache, and shows third-party download links. The script should ideally be patched to use normal HTTPS verification before relying on its results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code explicitly disables TLS hostname verification and certificate validation before downloading the ebook database. This allows a man-in-the-middle attacker or malicious network intermediary to replace the JSON database with attacker-controlled content, undermining the integrity of search results and any download links presented by the skill. In this skill context, that is especially risky because the fetched data directly influences user-visible links for ebook downloads.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The invocation text is broad enough to match generic requests like 'find books' or 'book recommendations,' even though the skill is tied to a specific third-party ebook source. Over-broad routing can cause unintended activation, sending user queries to a skill that fetches remote data and returns download links from a potentially risky or unauthorized content source.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The skill explains that it downloads and caches remote metadata locally, but it does not surface that behavior as a user-facing warning in the description where invocation decisions are made. This reduces informed consent and may expose privacy-sensitive usage patterns or leave persistent local artifacts users did not expect.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal