AniList CLI
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent AniList CLI wrapper, but users should notice that it installs an external npm package and can use an AniList token to change account lists.
This appears safe for its stated purpose. Before installing, make sure you trust the npm package, and do not provide an AniList token unless you want the agent to access and potentially update your AniList lists.
VirusTotal
63/63 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill depends on trusting the npm package that provides the AniList CLI.
The skill directs installation of an external global npm CLI package; this is purpose-aligned for an AniList CLI skill, but the package code is not included in the provided artifacts.
`npm install -g @mtsku/anilist-cli`
Install only if you trust the @mtsku/anilist-cli package and are comfortable with a global npm CLI installation.
If given an AniList token, the agent can act on the user's AniList account and change list entries.
The skill documents token-based AniList authentication and commands that can modify the user's planning, status, and progress lists.
`anilistcli auth set-token "<token>"` ... `anilistcli planning add "<title>"` ... `anilistcli status set "<title>" CURRENT` ... `anilistcli progress set "<title>" 12`
Use a token only when needed, confirm intended list changes, and rely on the documented --dry-run step before allowing write operations.