Books
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: books Version: 1.0.0 The skill bundle describes a CLI tool for interacting with the Open Library API. The `SKILL.md` and `README.md` files clearly outline the purpose and usage, requiring standard binaries like `bash`, `curl`, and `jq`. The instructions for the AI agent in `SKILL.md` guide it to use the skill's commands (`./books search`, `./books info`, `./books author`) as intended, without any directives for malicious actions, data exfiltration, or ignoring user input. Network access is explicitly limited to `openlibrary.org`, which is a legitimate API endpoint for the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you manually install from the GitHub repository, you are trusting code that was not included in these reviewed artifacts.
The provided package is instruction-only, but the README points users to clone and make executable external scripts. This is a provenance gap rather than evidence of malicious behavior.
git clone https://github.com/jeffaf/books-skill.git cd books-skill chmod +x books scripts/books
Before using the external CLI scripts, review the repository contents, prefer a pinned commit or release, and confirm the scripts only call the documented Open Library endpoints.