Skill v0.1.0
ClawScan security
Book2kindle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 16, 2026, 8:06 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions expect and run a local CLI that is not declared or installed by the skill, and the workflow (searching Z‑Library and sending EPUBs to Kindle) raises coherence, legal, and credential-handling questions that aren't addressed in the SKILL.md.
- Guidance: This skill is instruction-only but expects you to have a local CLI at .venv/bin/book2kindle; the registry entry doesn't provide or install that tool. Before using it: (1) verify where the book2kindle CLI comes from — inspect its source code or install it from a trusted, auditable repository (e.g., a known GitHub release). (2) Confirm how the CLI handles your Kindle account (email, credentials) and do not provide secrets unless you trust the CLI and its install source. (3) Be aware that Z‑Library is widely associated with infringing/pirated content — using tools that automate downloading from it can carry legal and policy risks. (4) If you proceed, run the CLI manually first to see exactly what network calls and files it uses; avoid granting broad credentials or installing untrusted binaries. If the skill included an install URL, a link to the CLI repo, or declared the env vars it needs, that would increase confidence.
Review Dimensions
- Purpose & Capability (concern): The skill claims to search Z‑Library and send EPUBs to Kindle but does not declare any required binaries, installs, or credentials. The SKILL.md requires executing .venv/bin/book2kindle, yet the registry metadata lists no required binary or install step — a clear mismatch. Additionally, sending to Kindle likely requires account configuration (email/address or credentials) which the skill does not mention or request.
- Instruction Scope (concern): The runtime instructions tell the agent to run a local CLI that will contact external services (Z‑Library and whatever mechanism sends to Kindle). The SKILL.md gives no guidance on what that CLI is, where it came from, or what data it will read, store, or transmit. It also permits arbitrary flags to be passed through, giving broad runtime discretion without constraints.
- Install Mechanism (concern): There is no install spec (instruction-only), which is low risk in general, but SKILL.md assumes the presence of a .venv/bin/book2kindle binary. That missing install/instruction to obtain the CLI is an incoherence: either the binary must be provided/installed or the skill will fail. Because the binary's provenance is unspecified, you cannot assess what code will run when invoked.
- Credentials (concern): requires.env lists nothing, but the functionality (sending books to a Kindle) typically requires account configuration or credentials (Send-to-Kindle email, OAuth, or SMTP/Amazon API credentials). The skill gives no indication of how those credentials are provided or protected. Also, interacting with Z‑Library implicates content-distribution/legal risk that is not surfaced.
- Persistence & Privilege (ok): The skill is not marked always:true and model invocation is disabled (disable-model-invocation: true), so it cannot run autonomously. That limits the blast radius and is appropriate given the network/credential concerns.
