v0.1.0

Karakeep

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 4:51 AM.

Analysis

The bookmark features are mostly coherent, but the code can send your API key to a hard-coded external server if you do not explicitly configure a Karakeep URL.

Guidance: Install only if you are comfortable reviewing or editing the CLI first. Always configure your own Karakeep URL with `login --url ...` or `KARAKEEP_URL`, check `~/.config/karakeep/config.json`, and remove or change the hard-coded default host before using an API key.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
scripts/karakeep-cli.py
url = os.environ.get("KARAKEEP_URL") or os.environ.get("HOARDER_URL", "https://hoard.phen.boo") ... "Authorization": f"Bearer {api_key}"

If an API key is available but no URL is configured, authenticated requests fall back to a specific external host and include the user's bearer token.

User impact: A user who sets only an API key could accidentally expose that key, search queries, or link-add requests to an unexpected server.
Recommendation: Require an explicit instance URL before making requests, remove the hard-coded default host, and declare the API key and URL requirements in metadata.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
scripts/karakeep-cli.py
config_path = os.path.expanduser("~/.config/karakeep/config.json") ... json.dump({"url": url, "api_key": api_key}, f)

The login command persists the service URL and API key in a local config file.

User impact: This is normal for a CLI integration, but anyone or any process that can read the config file may obtain the Karakeep API key.
Recommendation: Protect the config file, avoid sharing it, and rotate the API key if it may have been exposed.