ClawHub

MangaDex CLI

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent MangaDex command-line helper, but users should notice that it installs a global npm package and can handle MangaDex login credentials for authenticated features.

This appears safe to use for MangaDex CLI workflows if you trust the npm package. Before installing, verify the package source, and only provide MangaDex credentials when you need authenticated features such as follow feeds or library-aware recommendations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the skill may add a globally available command from npm to the user's environment.

Why it was flagged

The skill directs installation of a global npm package if the CLI is missing; this is central to the skill, but it pulls executable code from the package ecosystem.

Skill content
`npm install -g @mtsku/mangadex-cli`
Recommendation

Install only if you trust the package and publisher; consider verifying the npm package and pinning a known version where possible.

#
ASI03: Identity and Privilege Abuse
Medium
What this means

If used with authentication, the agent may be given access to MangaDex account-specific information such as follow feeds or library-aware recommendations.

Why it was flagged

The skill can use MangaDex account credentials or access tokens for authenticated feed and library-aware features.

Skill content
`mangadexcli auth login <username> <password>` and `mangadexcli auth set-token <access_token>`
Recommendation

Use public read-only commands when possible, approve authentication commands explicitly, and prefer revocable or scoped tokens over sharing a raw password.

#
ASI02: Tool Misuse and Exploitation
Low
What this means

The agent can run local shell commands needed for this CLI workflow.

Why it was flagged

The skill grants Bash access so the agent can run the MangaDex CLI and setup checks. The documented commands are purpose-aligned, but shell access is still a sensitive execution surface.

Skill content
allowed-tools: Bash
Recommendation

Review and approve install or authentication-related shell commands, especially commands that include credentials.