Readwise & Reader API

Result: Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill matches its Readwise/Reader purpose, but it needs a Readwise token and includes commands that can change or delete items in that account.

Install only if you are comfortable giving the skill a Readwise API token. Confirm any delete or update requests before running them, and treat the token like a password.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked incorrectly, the agent could archive, retag, edit, or delete Readwise/Reader items.

Why it was flagged

The skill exposes update and delete operations against Reader documents and Readwise highlights. This is purpose-aligned for a management skill, but these actions can modify or remove account data.

Skill content

readwise.sh update DOC_ID --location archive --tags "done,good"

readwise.sh delete DOC_ID

readwise.sh highlight-delete 456789

Recommendation

Use specific IDs and limits, and ask for explicit user confirmation before update or delete actions.

What this means

Anyone with the token could access or change the user's Readwise/Reader data within the token's permissions.

Why it was flagged

The script authenticates with a Readwise API token, which is expected for this integration but grants access to the user's Readwise/Reader account. The registry metadata does not declare a primary credential or required env var.

Skill content

auth_header() { echo "Authorization: Token ${READWISE_TOKEN}"; }

Recommendation

Set READWISE_TOKEN only in a trusted environment, avoid sharing logs or shell history containing it, and revoke/regenerate the token if it is exposed.

What this means

The skill may fail until curl, jq, and READWISE_TOKEN are available, and users may not see those requirements from metadata alone.

Why it was flagged

The bundled script states runtime requirements that the registry metadata leaves undeclared, which can surprise users during setup even though the behavior is disclosed in the artifacts.

Skill content

# Requires: curl, jq, READWISE_TOKEN env var

Recommendation

Declare curl, jq, and READWISE_TOKEN in metadata, and review the bundled script before providing an account token.