Wallabag

Warn. Audited by ClawScan on May 10, 2026.

Overview

The skill is mostly a coherent Wallabag API integration, but its shell script passes user-supplied fields through eval, so shell syntax in those fields could execute local commands on the user's machine.

Wait for a patched version that removes eval from scripts/wallabag.sh before installing. If you still use it, only pass fully trusted values, use a dedicated Wallabag account, avoid --show-token in logged sessions, and manually review any update or delete action.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A crafted bookmark title, tag, URL, or search string could cause the agent's shell to run unintended commands on the user's machine.

Why it was flagged

The value parameter is populated from command options such as search, title, tags, and URL, and is interpolated into a string before eval re-parses that string as shell code. Shell syntax inside those values, such as command substitution, is therefore executed locally rather than being sent to Wallabag as data.

Skill content
append_data() { ... local value="${3:-}" ... eval "$arr_name+=(--data-urlencode \"$key=$value\")" }
Recommendation

Do not install or run this version until eval is removed. Build the argument array directly, for example with a nameref or explicit array append, and treat all CLI values as data only.
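As an added example, not the skill's own code and not part of the ClawScan report, the flagged eval pattern next to the nameref-based rewrite the recommendation describes. Only the eval line itself mirrors the quoted skill content; the function names (append_data_eval, append_data_safe, build_eval, build_safe), the sample bookmark title, and the array name are illustrative assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the skill's code: the eval-based array append flagged
# above, next to a nameref-based append that treats the value as data.
# All names apart from the eval line itself are illustrative assumptions.
set -u

# Vulnerable shape. $key and $value are interpolated into a string that eval
# then parses as shell code, so $(...) or backticks inside $value run locally.
# A double quote inside $value also ends the quoted word, so a crafted value
# can append arbitrary commands rather than just a substitution.
append_data_eval() {
    local arr_name="$1" key="$2" value="${3:-}"
    eval "$arr_name+=(--data-urlencode \"$key=$value\")"
}

# Hardened shape (requires bash >= 4.3 for local -n). The nameref binds __ref
# to the caller's array, so the append is an ordinary array operation and
# $value is never re-parsed; whatever it contains reaches curl verbatim.
append_data_safe() {
    local -n __ref="$1"
    local key="$2" value="${3:-}"
    __ref+=(--data-urlencode "$key=$value")
}

# Constructed sample input: a bookmark title carrying a command substitution,
# the kind of field a fetched page or a prompt could feed the agent.
CRAFTED_TITLE='Read later $(echo INJECTED)'

# Each builder returns the key=value argument that would be handed to curl,
# so the two behaviours can be compared directly.
build_eval() {
    local -a args=()
    append_data_eval args title "$CRAFTED_TITLE"
    printf '%s\n' "${args[1]}"
}

build_safe() {
    local -a args=()
    append_data_safe args title "$CRAFTED_TITLE"
    printf '%s\n' "${args[1]}"
}

# Stand-alone run: print both results quoted so the difference is visible.
# With eval the substitution has already run (INJECTED appears in the value);
# with the nameref the $(...) text survives as literal data.
if [[ "${BASH_SOURCE[0]:-}" == "$0" ]]; then
    printf 'eval:    %q\n' "$(build_eval)"
    printf 'nameref: %q\n' "$(build_safe)"
fi
```

A quick check before installing any version of the skill is `grep -n eval scripts/wallabag.sh`; a patched release should have no hits in the argument-building code. The nameref form needs bash 4.3 or newer, so a script that must run on older shells (for example macOS's stock bash 3.2) should instead have the caller append to its own array explicitly rather than passing the array name in.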

What this means

Anyone or anything with access to those environment variables could authenticate to the Wallabag account with the configured permissions.

Why it was flagged

The skill uses Wallabag OAuth password-grant credentials, including the account username and password. This is expected for the stated API integration, but it is account-level sensitive authority.

Skill content
Set these variables before running commands: ... WALLABAG_CLIENT_ID ... WALLABAG_CLIENT_SECRET ... WALLABAG_USERNAME ... WALLABAG_PASSWORD
Recommendation

Use a dedicated low-privilege Wallabag account or token where possible, keep the environment private, and avoid shared or logged shells.

What this means

If invoked incorrectly, the agent could modify tags, archive/star entries, or delete bookmarks from the Wallabag account.

Why it was flagged

The skill exposes normal Wallabag mutation operations, including deletion. These operations are purpose-aligned and disclosed, but they can change or remove user data.

Skill content
Subcommands: ... create ... update ... delete --id <entry_id> ... tag add ... tag remove
Recommendation

Review planned create, update, tag, and delete actions before execution, especially delete operations or bulk-looking requests.