Find Book
v1.0.18Instantly find nonfiction books with Goodreads ratings, summaries, key concepts, and AI suggestions for enhancing your agent's knowledge files.
⭐ 0· 105·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description claim a local search over 5904 nonfiction books; the package includes data/books.json and index.js implements local search, formatting, and suggestion generation. No unrelated credentials, binaries, or services are required. Minor metadata mismatch: package/_meta.json show version 1.0.16 while registry metadata lists 1.0.18.
Instruction Scope
SKILL.md and README instruct local usage and show example code; runtime instructions do not ask the agent to read unrelated system files or env vars. A static scan flagged 'unicode-control-chars' inside SKILL.md (possible hidden characters or obfuscation) — the runtime code does not rely on those, but the presence of hidden control characters in documentation is worth reviewing.
Install Mechanism
No install spec (instruction-only) and all code/data are bundled in the package. No remote downloads or install-time network calls are declared, reducing install-time risk. The large local data blob (data/books.json) is included in the package.
Credentials
The skill requires no environment variables, credentials, or special config paths, and the code does not access process.env or other external secrets.
Persistence & Privilege
always is false and user-invocable is true. The skill does not modify other skills or global agent settings; it only returns data/suggestions for the agent to consume.
Scan Findings in Context
[unicode-control-chars] unexpected: Hidden/unicode control characters were detected in SKILL.md. This is not necessary for a local-search documentation file — it may be benign (zero-width spaces) or an attempt to obscure text. The runtime code does not reference these characters, but review the SKILL.md text (and any invisible characters) before trusting the package.
Assessment
This package appears to do exactly what it claims: local search over an included JSON of nonfiction books and generation of markdown snippets. Before installing, consider these checks: 1) Inspect SKILL.md for hidden control characters (the scanner flagged unicode-control-chars). 2) Verify the books.json provenance and licensing if you care about copyrighted content or data accuracy (the package claims 'Heardly' as source). 3) Note the metadata version mismatch (package files show v1.0.16 while registry lists v1.0.18) — confirm you have the intended release. 4) Run the included tests in a sandbox to confirm behavior and ensure the skill does not cause your agent to write automated changes to your knowledge files unless you intend that. If you plan to allow autonomous agent invocation, remember the skill can be called by the agent to produce text that the agent may choose to store elsewhere — review agent write/commit policies accordingly.Like a lobster shell, security has layers — review code before you run it.
latestvk976h9rw725mr80zkcsy9apm5n83agtx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.