Book2kindle

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrow wrapper around a local book-to-Kindle command, with disclosed Z-Library search and Kindle sending behavior, but users should consider copyright, privacy, and trust in the local CLI before using it.

Install only if you trust the local `book2kindle` CLI already present in the environment and are comfortable using Z-Library and Kindle delivery. Confirm you have the right to download and send the selected book, check the result number before sending, and avoid using it with sensitive account destinations or untrusted files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly facilitates searching Z-Library and sending downloaded EPUBs to a Kindle account, but it provides no warning about the legal, policy, privacy, or account-security risks of obtaining copyrighted content from an unauthorized source and transmitting files through a personal Kindle email/service. This omission increases the chance that users will unknowingly engage in risky or prohibited behavior and may expose their account email or device ecosystem to untrusted content.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal