v1.0.1

Linkding

Benign
ClawScan verdict for this skill. Analyzed May 1, 2026, 4:51 AM.

Analysis

The skill coherently manages a Linkding bookmark account using a user-provided API token, with no artifact-backed evidence of malicious behavior, but users should notice its account-editing and deletion capabilities.

Guidance

Before installing, make sure you trust the included helper script, configure it only with your intended Linkding server and API token, and be careful with delete or bulk update operations. No artifact-backed malicious behavior was found.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
scripts/linkding-api.sh
cmd_delete() {
    api_call DELETE "/api/bookmarks/${1}/"
}

The helper directly exposes Linkding mutation operations, including deletion. This matches the bookmark-management purpose, but destructive actions should be user-directed and checked carefully.

User impact: A mistaken bookmark ID or overly broad user request could delete or alter saved bookmark data.
Recommendation: Confirm bookmark IDs and intended changes before delete, archive, update, or bulk tagging operations.

Agentic Supply Chain Vulnerabilities
Severity: Info; Confidence: High; Status: Note
scripts/linkding-api.sh
LINKDING_URL=$(jq -r '.url // empty' "$CONFIG_FILE")
...
curl -sS -X "$method"

The script depends on jq and curl, while the supplied requirements declare no required binaries. This can affect reliable setup and review clarity, but the dependencies are ordinary and purpose-aligned.

User impact: The skill may fail or behave inconsistently on systems without the expected local tools installed.
Recommendation: Install jq and curl if needed, and treat the undeclared dependency gap as a setup issue rather than a sign of hidden behavior.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
SKILL.md
Config: `~/.clawdbot/credentials/linkding/config.json`
{
  "url": "https://linkding.example.com",
  "apiKey": "your-api-token"
}

The skill requires a Linkding API token to access the user's account. This is expected for bookmark management, but it is sensitive account authority and is not reflected in the registry's credential/env-var declarations.

User impact: Anyone or any agent action with this token can access and modify the connected Linkding bookmarks according to that token's permissions.
Recommendation: Store the token only in the intended credentials file or environment variable, use the least-privileged token available, and revoke/regenerate it if it may have been exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: High; Status: Note
SKILL.md
"notes": "Personal notes",
"tag_names": ["tag1", "tag2"]

Bookmark responses can include persistent user content such as personal notes, descriptions, tags, and saved URLs. This is expected for a bookmark manager, but retrieved bookmark content may enter the agent's working context.

User impact: Private bookmark titles, URLs, tags, or notes may be displayed to the agent when listing or searching bookmarks.
Recommendation: Avoid storing secrets in bookmark notes, limit searches to what is needed, and do not treat text retrieved from bookmarks as instructions.