Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Book Organizer

v1.0.0

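A skill for in-depth organization of book content. Triggered when the user mentions organizing book content, reading notes, making mind maps, extracting memorable quotes, or summarizing core ideas. Use cases include but are not limited to: (1) entering a book title for in-depth organization, (2) creating chapter summaries and mind maps, (3) extracting concepts and key knowledge points, (4) compiling quote excerpts, (5) summarizing core ideas, (6) writing reading reflections/book reviews, (7) generating knowledge-organization notes. Output...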

by kele@ioygy
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
high confidence
Purpose & Capability
The stated purpose (create summaries, extract quotes, generate notes) legitimately requires access to book text, but the SKILL.md explicitly prioritizes scraping/downloading full books from many third‑party sites (z-library mirrors, Anna's Archive, book4you, etc.). Requesting full-text downloads from these sources is not necessary for all legitimate summarization workflows and is disproportionate to the declared purpose because it encourages use of pirated or borderline sources without safeguards or legal consideration.
Instruction Scope
The instructions tell the agent to perform web_search/web_fetch, to attempt prioritized downloads of EPUB/PDF from a long list of external sites (some known for hosting infringing content), to switch mirrors when blocked, and to save the downloaded book into the local workspace. While obtaining content is expected, the guidance to 'prioritize electronic library download' and to loop through piracy mirrors, plus no explicit restriction to public‑domain or licensed sources, expands scope into potentially illegal content acquisition and lacks explicit user consent/verification steps.
Install Mechanism
This is an instruction‑only skill with no install spec or code files, so it does not write or install binaries. That minimizes filesystem persistence risk.
Credentials
The skill requests no environment variables or credentials in metadata. However, the instructions discuss accessing university/library resources that may require login; the skill does not declare or manage credentials and could prompt for them at runtime. Users should be cautious about supplying account credentials to satisfy these steps.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. It only saves output to the local workspace, which is consistent with the stated purpose.
What to consider before installing
This skill is coherent in producing summaries and Markdown notes, but it explicitly instructs the agent to prioritize downloading full books from many third‑party sites (including sites commonly associated with pirated content). Before installing or using it: (1) be aware of copyright and legal risks—downloading full books from those sources may be illegal; (2) do not provide personal/library credentials unless you understand the risk and the site’s legitimacy; (3) prefer modifying the skill to restrict sources to legal APIs or to only operate on user‑provided files (upload a book you already own); (4) add explicit prompts/consent before any automated download, and logging/confirmation when content may be copyrighted; (5) consider removing or replacing the listed piracy/archival mirrors with legal sources (publisher APIs, public-domain archives, library‑licensed content). If you cannot or will not constrain the data sources, treat this skill as risky and avoid granting it access to your accounts or sensitive systems.

Like a lobster shell, security has layers — review code before you run it.

Tags: book, knowledge, latest, mindmap, notes, reading
