ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Book Reader - Learn & Grow Every Day

v1.0.0

Read EPUB, PDF, or TXT books from multiple sources with progress tracking, smart chunking, and summary extraction for efficient learning.

5· 1.2k·9 current·9 all-time
by@josharsh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The script and SKILL.md align with the stated purpose: searching Gutenberg, downloading EPUB/PDF/TXT, extracting text, and storing reading progress. Declared dependencies (pandoc, pdftotext, Python ebook libs) map to the code's EPUB/PDF handling. One small mismatch: the script uses jq for JSON processing but jq is not mentioned in SKILL.md or the registry metadata.
Instruction Scope
Runtime instructions and the script stay within the declared scope: downloading books (from user-supplied URLs or Gutendex), extracting text, and saving progress to a local workspace (~/.openclaw/workspace). The skill does not instruct reading unrelated system files or exfiltrating data to third-party endpoints beyond fetching book sources and calling the Gutendex API. It mentions Anna's Archive as a source but does not automate access to it (the script points users to the site manually).
Install Mechanism
There is no install spec (instruction-only), so nothing arbitrary is downloaded or executed during installation. Dependencies are installed by the user via OS package manager or pip per SKILL.md. This is the lower-risk pattern.
Credentials
The skill requests no secrets or privileged environment variables. It optionally respects OPENCLAW_WORKSPACE to change its storage location; otherwise it writes state under ~/.openclaw/workspace, which is proportional to its functionality.
Persistence & Privilege
always is false and the skill does not request persistent platform-wide privileges. It stores only its own reading-state file under its workspace and does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it says: download books, extract text, and track reading progress in ~/.openclaw/workspace. Before installing or running: 1) Ensure you have the runtime tools the script actually needs — SKILL.md omits jq (the script uses jq for JSON parsing), and the Python EPUB path requires ebooklib and bs4/lxml if pandoc is not present. 2) Be mindful of legality and ethics: the script can download from arbitrary URLs and references Anna's Archive (a shadow library); avoid downloading copyrighted material unless you have the right to do so. 3) Review network usage policies: downloads come from Gutendex or user-provided URLs, so only use trusted sources. 4) The script writes reading-state.json in your workspace and may include file paths and notes — treat that as local data. If you need higher assurance, run the script in a sandbox or review the code locally before giving it files or network access.

Like a lobster shell, security has layers — review code before you run it.

latestvk975q6sp0ppymj8aj6h682cv3h815f27

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments