Readwise & Reader API

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Readwise/Reader integration, but it can change or delete items in the user's Readwise account if the user gives it a token.

Install only if you are comfortable providing a Readwise API token. Treat READWISE_TOKEN like a password, review the target item ID before any update or delete command, and require explicit confirmation before modifying or deleting documents or highlights.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and relies on shell execution via a bundled CLI, but no explicit permissions are declared. That creates a transparency and policy gap: the agent may invoke command execution capabilities without clear user-facing constraints or review, increasing the risk of unintended command use or unsafe handling of inputs/tokens. The presence of an API token and write-capable operations makes this more sensitive than a read-only integration.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation description is broad enough to trigger on generic mentions of Readwise or Reader, including ambiguous requests that may not intend tool use. Over-broad routing can cause unnecessary access to external accounts and increase the chance the agent performs actions or queries against a user's Readwise data without sufficiently specific intent. In this context, the skill supports both read and write actions, which raises the consequence of accidental invocation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents update and delete operations for Reader documents without any warning, confirmation requirement, or guardrails around destructive actions. Because these operations modify or remove user data in an external account, an accidental invocation, ambiguous instruction, or prompt-manipulated workflow could lead to irreversible loss or unwanted account changes. The danger is elevated because the same skill is also broadly invocable and authenticated through a persistent token.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill includes highlight deletion and update capabilities without warning that they are destructive or account-modifying operations. Highlights and notes may contain valuable user annotations, so silent deletion or modification can cause meaningful data loss and trust erosion, especially if triggered from ambiguous requests. In a personal knowledge-management context, these changes are particularly sensitive because they alter curated reading history and notes.

VirusTotal

52/52 vendors flagged this skill as clean.
