Books

AdvisoryAudited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI04: Agentic Supply Chain Vulnerabilities

What this means

If you manually install from the GitHub repository, you are trusting code that was not included in these reviewed artifacts.

Why it was flagged

The provided package is instruction-only, but the README points users to clone and make executable external scripts. This is a provenance gap rather than evidence of malicious behavior.

Skill content

git clone https://github.com/jeffaf/books-skill.git
cd books-skill
chmod +x books scripts/books

Recommendation

Before using the external CLI scripts, review the repository contents, prefer a pinned commit or release, and confirm the scripts only call the documented Open Library endpoints.