Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Jina CLI

v1.0.0

Reads web content and searches the web using Jina AI Reader API. Use when extracting content from URLs, reading social media posts (X/Twitter), or web search...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description (web reading/search via Jina Reader API) match the SKILL.md commands, options, and implementation notes (Go CLI, read/search/config). There are no unrelated credentials or surprising capabilities in the feature set itself.
! Instruction Scope
The SKILL.md instructs installing and running a CLI that will fetch arbitrary URLs and optionally 'forward cookies' and use proxies. The docs also list environment variables and a config path (~/.jina-reader/config.yaml) even though the registry metadata declares no env requirements. The cookie-forwarding option can cause sensitive session data to be sent to the CLI's fetch subsystem or onward to external endpoints; the instructions give the agent discretion to fetch arbitrary URLs and batch process lists, which increases blast radius.
! Install Mechanism
There is no install spec in the registry, but SKILL.md recommends a curl -fsSL https://raw.githubusercontent.com/.../install.sh | bash installation. Piping an unsigned remote script to bash is high risk (arbitrary code execution). The script is hosted on GitHub raw content (better than an unknown IP, but still unverified and not pinned to a release or checksum).
Credentials
SKILL.md documents several environment variables (API base URLs, timeout, proxy, feature flags). Those are configuration knobs (non-secret) and make sense for a web-reading CLI. However, the registry metadata lists no environment requirements while the instructions reference them — an inconsistency. The explicit cookie-forwarding option is a potential vehicle for exfiltrating secrets if used improperly.
Persistence & Privilege
The skill does not request 'always' presence and there are no declared system-level config modifications in the registry. The only persistence suggested is the CLI's own config file (~/.jina-reader/config.yaml) which is within normal bounds for a user-installed tool.
What to consider before installing
Be cautious. The core functionality (reading URLs, searching) is coherent, but SKILL.md tells you to run an unsigned install script from a GitHub raw URL (curl | bash). That action can execute arbitrary code on your system. Before installing: (1) inspect the install.sh content in the referenced repository (do not run it blind), (2) prefer a release artifact with a checksum or building from source with Go 1.24 if you trust the project, (3) avoid using --cookie / forwarding real session cookies unless you understand where those cookies are sent, (4) review and limit proxy settings and environment variables, and (5) verify the upstream repository and maintainer reputation. If you can't validate the install script and repository, treat this as untrusted software and avoid running it.

