Book Review Skill
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: book-review-skill
Version: 1.0.4

The skill bundle is classified as suspicious due to a major contradiction between its 'Safe Version' claims and its metadata/documentation. While the code in index.js and SKILL.md is benign and limited to local string templates, the README.md and package.json describe a version that requires sensitive credentials (DEEPSEEK_API_KEY) and filesystem access. Furthermore, package.json includes devDependencies for filesystem crawling and indexing (fs-extra, lunr, glob) that are not used in the provided source, suggesting a potential 'bait-and-switch' in which users are encouraged to set up sensitive environment variables for a supposedly safe tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may trust that no data leaves the device while other included documentation says the skill uses an external AI provider.
This contradicts the safe-version positioning in SKILL.md and the source comments that claim no external API calls and local-template processing only, making the privacy claims unreliable.
✅ **AI Generation**: Generate in-depth expanded reviews based on DeepSeek API
The publisher should remove or correct stale DeepSeek/API documentation, or accurately declare any external provider use before users install or configure the skill.
Users could unnecessarily create or expose a service credential for a version of the skill that does not appear to need it.
The README instructs users to provide an API key even though the registry requirements and safe-version SKILL.md declare no credentials, and the included code does not read this variable.
export DEEPSEEK_API_KEY=sk-your-api-key
Do not provide API keys for this skill unless the publisher updates the metadata and code review clearly shows why they are required.
Users may be led to point the skill at private notes or to cache reading data, even though the reviewed runtime does not need filesystem access.
The README describes broad personal note-library paths and a cache directory without clear exclusions, retention, or approval boundaries, while the safe-version code claims no filesystem access.
export BOOK_REVIEW_NOTE_PATHS=~/Documents/Notes,~/Obsidian ... BOOK_REVIEW_CACHE_DIR=~/.cache/book-review
Avoid configuring note paths or cache locations for this skill until the publisher reconciles the documentation and clearly scopes any local indexing behavior.
