Anne Library Downloader

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks users to prepare institutional library credentials while overstating automation and shipping incomplete or unsafe helper behavior.

Review before installing. Do not provide institutional library credentials to this skill unless the author documents exactly how they are used, declares them in metadata, and ships the missing authentication components. Treat the current implementation as incomplete, avoid untrusted URLs, and check your library or institution’s rules before attempting automated or batch downloads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs users to place library credentials in environment variables and highlights automatic authentication, but provides no warning about credential exposure, shell history leakage, process/environment inspection, or secure secret handling. In a tool that automates access to third-party academic platforms, this omission increases the chance users will mishandle institutional credentials and expose them to other local processes, logs, or shared environments.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill advertises fully automated downloading, DOI extraction, authentication, and batch downloading across external academic platforms without warning about storage consumption, automated external interactions, rate limits, account restrictions, or policy/legal implications. This is dangerous because users may unknowingly trigger large-scale downloads or repeated authenticated requests that affect their accounts, systems, or institutional access.

Missing User Warnings

Medium
Confidence: 86%
Finding
User-supplied book title and author are transmitted to Crossref without any user-facing notice or opt-in. While this is not a classic code-execution flaw, it creates a privacy and transparency issue because potentially sensitive research interests or reading activity are sent to a third party automatically.

Missing User Warnings

Medium
Confidence: 78%
Finding
The code generates and executes a Node/Playwright script without any user-facing warning, causing local code execution and outbound browsing activity that users may not expect. In an agent-skill context, undisclosed subprocess execution is more dangerous because it may invoke additional runtimes, access network resources, and complicate trust boundaries.

VirusTotal

44/44 vendors flagged this skill as clean.
