kindle2md

Security checks across malware telemetry and agentic risk

Overview

This skill locally converts a user-provided Kindle notes HTML file into Markdown, with a disclosed overwrite behavior users should notice.

Before installing, set references/config.md to the exact Obsidian folder you intend to use and confirm the generated book title before running it. Keep backups or remove the --override behavior if you do not want existing notes with the same filename to be replaced, and install the required Python packages only from trusted sources.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly says to overwrite existing files and passes --override to the conversion script without any confirmation step. Because the output path is derived from configurable state plus parsed filename data, this can cause silent destruction of existing notes or other files if the configured directory is wrong or filenames collide.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal