Book Organizer

Security checks across malware telemetry and agentic risk

Overview

This book-notes skill has no executable code, but it tells agents to download full books from shadow e-book sources before summarizing them.

Install only if you will supervise source selection closely. Use books you own, licensed library access, public-domain works, or user-provided files; do not allow automatic downloads from shadow e-book sites, and ask the agent to confirm the output filename and path before writing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill claims to organize book content into local Markdown notes, but its workflow instructs the agent to search for and download complete book files from external ebook sources first. This materially expands the skill from summarization into acquisition of copyrighted content, creating a high-risk mismatch between declared purpose and actual behavior.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The skill explicitly directs use of Z-Library, Anna's Archive, and similar repositories to download full ebooks, which are commonly associated with unauthorized distribution of copyrighted works. Embedding these sources as a primary workflow makes the skill capable of facilitating piracy and exfiltrating complete protected content far beyond what is needed for note-taking.

Intent-Code Divergence

Medium
Confidence: 88%
Finding
The instructions say to prioritize downloading complete books, but later claim the skill will 'only organize and summarize' and not copy the full text. This contradiction weakens safeguards because the operational steps still require acquiring full copyrighted content, making the later limitation ineffective and likely to be bypassed in practice.

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill states that output is saved to the local workspace, but the operational guidance does not require explicit user-facing notice or confirmation before writing files. Silent local file creation can surprise users, clutter workspaces, and in some environments may overwrite or persist sensitive derived content without informed consent.

VirusTotal

64/64 vendors flagged this skill as clean.
