ClawHub

Book Deep Reader

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill researches books online and writes a Markdown notes file, which matches its stated purpose.

Install this if you want an agent to perform web research and create a book-notes Markdown file in your workspace. Before running it, consider confirming the desired language and filename, especially if a similarly named notes file may already exist. Review generated citations and quotations for accuracy and copyright sensitivity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence
86% confidence
Finding
The skill explicitly instructs the agent to save a generated markdown file into the workspace, but it does not tell the agent to obtain user consent or clearly disclose that it will modify local files. This can lead to unexpected file creation or overwriting in environments where workspace state matters, even though the write is part of the skill’s intended functionality rather than an attempt to exfiltrate or damage data.

Natural-Language Policy Violations

Medium
Confidence
75% confidence
Finding
The skill constrains outputs to Chinese or English and hardcodes language-specific filenames without explicitly asking the user which language they prefer. While this is mainly a usability and consent issue rather than a classic security flaw, it can cause unwanted output, misunderstandings, or policy misalignment in multilingual contexts where the user expects another language or locale-sensitive handling.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal