Skill v1.0.0

ClawScan security

Buku · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 9:25 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The SKILL.md clearly documents use of the buku CLI and local DB access, but the registry metadata does not declare the required binary or provide an install step. This mismatch, together with the documented use of write and confirmation-skipping flags (e.g., --replace and --tacit), warrants caution.
Guidance
This skill is largely coherent (it documents how to run the buku CLI), but it has a notable omission: the registry metadata does not declare that the buku binary is required or provide an install step. Before installing or enabling the skill:
- Confirm you have the buku CLI installed and which version will be invoked (buku must be on PATH). The registry should declare this requirement; ask the publisher to add it.
- Back up ~/.local/share/buku/bookmarks.db before letting the agent run commands (delete and tag-replace operations can be run with --tacit, which skips the confirmation prompt).
- Require explicit user confirmation before any destructive command (delete, replace, import with overwrite). If you are installing into an autonomous agent, ensure it will prompt you first.
- Be aware that add/update operations may auto-fetch page metadata (network requests). If you want to avoid outbound requests, use --offline as described.
- For a safer deployment, ask the publisher to include a declared required-binaries entry and/or an install spec so the agent can verify the binary and version before executing.
If you cannot verify these points, or you do not want the agent to have filesystem and network access to your bookmarks DB, do not enable this skill.

Review Dimensions

Purpose & Capability
concern
The skill's name, description, and SKILL.md all describe using the buku CLI and operating on a local SQLite DB (~/.local/share/buku/bookmarks.db). However, registry metadata lists no required binaries and no install spec. That is internally inconsistent: a buku CLI is clearly required at runtime but not declared. The DB path is also explicitly referenced, which implies the skill will read/write that local file.

Instruction Scope
note
Instructions are narrowly focused on invoking buku CLI commands (add, search, list, import/export, update, delete). This stays within the stated purpose. However, the doc repeatedly instructs use of --nostdin and --tacit (skip confirmations) and shows destructive operations (deletes, tag-replace); if an agent follows these instructions without additional user confirmation it can delete or overwrite bookmarks silently. The skill also documents auto-fetching metadata from the web (unless --offline is used), so runtime network requests are possible.

Install Mechanism
concern
There is no install specification and no declared required binary, yet the skill assumes the buku CLI is available. That mismatch is problematic: either the registry should declare buku as a required binary or provide an install step, or the SKILL.md should explicitly state the prerequisite. The absence increases the chance of runtime failures or unexpected behavior if a different buku version/implementation is present.

Credentials
note
The skill requests no environment variables or credentials, which is proportionate. Two caveats: (1) it operates on a local DB path (~/.local/share/buku/bookmarks.db), so it requires filesystem access to that file; (2) some operations auto-fetch from the web when adding/updating bookmarks, which implies outbound network access (and potential transmission of bookmark URLs to remote hosts). Both behaviors are consistent with a bookmark CLI but are worth noting from a privacy/security perspective.

Persistence & Privilege
ok
The skill does not request always:true and does not claim persistent or system-wide privileges. It is instruction-only and relies on invoking the buku binary at runtime; it does not modify other skills' configurations or request special platform privileges.
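The pre-flight checks listed under Guidance, and the --tacit/--nostdin and network caveats raised under Instruction Scope and Credentials, as an added shell example written for this page. It is not part of the scanner output, the skill, or buku itself. It assumes the default DB path quoted in the review; BUKU_DB_PATH, CONFIRM and every function name are hypothetical names chosen for the example. The buku options it matches (-d/--delete, --replace, -i/--import, -a/--add, -u/--update, --tacit, --nostdin, --offline, --version) are real buku flags, but which update paths actually fetch from the web is worth confirming against the version your agent will invoke.

```sh
#!/bin/sh
# Guarded wrapper an agent could be made to call instead of invoking buku directly.
# Added example; not ClawHub, skill, or buku code. Variable and function names are hypothetical.

# Default DB path as documented in the review; BUKU_DB_PATH is a hypothetical override.
BUKU_DB="${BUKU_DB_PATH:-$HOME/.local/share/buku/bookmarks.db}"

# check_buku: fail unless a buku binary is on PATH, and report which one and its version,
# since the registry metadata does not declare the dependency.
check_buku() {
  if ! command -v buku >/dev/null 2>&1; then
    echo "check_buku: buku is not on PATH (registry metadata did not declare it)" >&2
    return 1
  fi
  printf 'check_buku: %s (%s)\n' "$(command -v buku)" "$(buku --version 2>/dev/null | head -n 1)"
}

# backup_db: copy the SQLite file to a timestamped .bak beside it before any write.
backup_db() {
  db="$1"
  if [ ! -f "$db" ]; then
    echo "backup_db: no database at $db, nothing to back up"
    return 0
  fi
  cp -p "$db" "$db.$(date +%Y%m%dT%H%M%S).bak"
}

# is_destructive: succeed if the argument list deletes, replaces tags or imports.
# A bare -d with no index deletes every bookmark after a prompt, so -d alone counts.
is_destructive() {
  for a in "$@"; do
    case "$a" in
      -d|--delete|--replace|-i|--import) return 0 ;;
    esac
  done
  return 1
}

# skips_confirmation: succeed if the confirmation prompt would be suppressed.
skips_confirmation() {
  for a in "$@"; do
    case "$a" in
      --tacit|--nostdin) return 0 ;;
    esac
  done
  return 1
}

# fetches_metadata: succeed if an add/update would go to the network (no --offline given).
fetches_metadata() {
  writes=1
  for a in "$@"; do
    case "$a" in
      -a|--add|-u|--update) writes=0 ;;
      --offline) return 1 ;;
    esac
  done
  return $writes
}

# guarded_buku: refuse a destructive command whose prompt is suppressed unless the caller
# set CONFIRM=yes (hypothetical variable); back up before any destructive run; warn when
# the command will make outbound requests; verify the binary; only then invoke buku.
guarded_buku() {
  if is_destructive "$@"; then
    if skips_confirmation "$@" && [ "${CONFIRM:-}" != "yes" ]; then
      echo "guarded_buku: refusing destructive command with confirmation skipped; set CONFIRM=yes" >&2
      return 2
    fi
    backup_db "$BUKU_DB" || return 1
  fi
  if fetches_metadata "$@"; then
    echo "guarded_buku: this command may fetch page metadata over the network (add --offline to avoid)" >&2
  fi
  check_buku || return 1
  buku "$@"
}
```

Point the agent's command allow-list at guarded_buku rather than buku: a silent delete such as `-d 5 --tacit` is then refused until a human sets CONFIRM=yes, every destructive run is preceded by a backup, and a missing or unexpected buku binary is reported before anything touches the DB.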