Security audit

Bookworm — Sequential Reading for AI Agents

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AI book-reading helper, with normal privacy caveats around using an Anthropic API key and saving reading sessions locally.

Before installing, verify the npm package and source repository yourself, use a dedicated revocable Anthropic API key, and avoid processing confidential manuscripts or private documents unless you are comfortable with external provider processing and local session or journal files retaining that content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill requires an Anthropic API key, which strongly implies that user-provided book content and derived journal/state data may be transmitted to an external LLM service, yet the skill documentation does not clearly disclose that data flow. This is a real privacy and data-handling vulnerability because users may process copyrighted, sensitive, or proprietary documents without informed consent about third-party transmission.

VirusTotal

63/63 vendors flagged this skill as clean.
