Karakeep

Suspicious. Audited by ClawScan on May 10, 2026.

Overview

The skill's behaviour mostly matches Karakeep bookmark management, but its CLI can send your API key to a hardcoded default server if you do not explicitly configure a URL.

Before using this skill, explicitly configure both your Karakeep URL and API key; do not set only `KARAKEEP_API_KEY` or `HOARDER_API_KEY`. Review or remove the hardcoded `https://hoard.phen.boo` default, protect the local config file containing the API key, and consider pinning the Python dependency.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your Karakeep API key and bookmark operations could be sent to an unexpected third-party server if you set only the API key or otherwise miss the URL configuration.

Why it was flagged

If an API key is supplied without an explicit URL, the CLI falls back to the hardcoded `hoard.phen.boo` host and sends authenticated Karakeep requests there; that host is not the user's own instance and is not disclosed as a default.

Skill content

url = os.environ.get("KARAKEEP_URL") or os.environ.get("HOARDER_URL", "https://hoard.phen.boo")
...
"Authorization": f"Bearer {api_key}"

Recommendation

Require an explicit Karakeep URL before making requests, remove the hardcoded public default, and declare the API key and URL requirements in metadata.

What this means

Anyone with access to that local config file may be able to use your Karakeep API key.

Why it was flagged

The login command stores the API key in a local plaintext JSON config file.

Skill content

with open(config_path, 'w') as f:
    json.dump({"url": url, "api_key": api_key}, f)

Recommendation

Use a dedicated low-privilege API key if possible, keep the config file private, and consider setting restrictive file permissions or using environment/secret storage.

What this means

The skill depends on an external Python package being fetched or resolved when commands run.

Why it was flagged

The documented commands resolve the `requests` package at runtime without a pinned version or lockfile.

Skill content

uv run --with requests skills/karakeep/scripts/karakeep-cli.py

Recommendation

Prefer a pinned dependency specification or lockfile for reproducible installs.