Bookmarks

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill matches a bookmark-organizing purpose, but it asks to silently sync saves from many connected accounts and keep working in the background without clear limits.

Before installing, confirm which platforms it may connect to, limit it to read-only explicit saves, avoid importing likes or sensitive accounts unless you intentionally opt in, and make sure you can view, pause, and delete the `~/bookmarks/` data.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI03: Identity and Privilege Abuse

What this means

The agent could collect private saved items from several accounts once connected, and the user may not get a clear chance to approve each source or import run.

Why it was flagged

The skill implies delegated access to multiple external accounts, but the artifacts do not define permission scopes, authentication boundaries, or source-by-source consent beyond a broad connection step.

Skill content

Connect sources (X, YouTube, Reddit, Pinterest, etc.) ... Import saves — silently, no questions

Recommendation

Require explicit read-only authorization per platform, show the exact sources and scopes before import, and provide an easy way to disconnect or revoke access.

What this means

A local folder may accumulate a searchable record of private interests, saved posts, and generated inferences.

Why it was flagged

The skill stores imported saves, tags, preferences, and generated summaries as persistent local files for later search and resurfacing.

Skill content

Create `~/bookmarks/` as workspace ... `saves.md` # All saves, tagged ... `reports/` # Generated summaries

Recommendation

Review the `~/bookmarks/` contents regularly, avoid importing sensitive sources unless needed, and define retention or deletion preferences.

Concern (Medium Confidence)
ASI10: Rogue Agents

What this means

The skill could continue collecting and organizing account data in the background with limited user visibility.

Why it was flagged

The instructions encourage ongoing autonomous background activity, but do not define a bounded schedule, stopping condition, audit trail, or required user confirmation for continued syncing.

Skill content

Works silently in background ... Never interrupts unless configured to ... Import saves silently from connected platforms

Recommendation

Make background syncing opt-in, display status and recent activity, set a clear schedule, and provide a simple pause/disable command.