Calibre Metadata Apply

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed, user-gated Calibre metadata editor; its main risks are expected for that job and should be managed carefully.

Install this only where you intend an agent to modify a Calibre library. Keep using dry-runs and confirmed IDs, prefer CALIBRE_PASSWORD over saved plaintext passwords, skip subagent processing if book metadata should stay local, and review any comments_html or analysis content before approving writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium, 93% confidence

Finding
The script can synthesize and write HTML into the comments field via analysis/comments_html, which exceeds the stated role of editing standard metadata like title, authors, series, and tags. Because the HTML content is built from input fields without escaping, an attacker controlling input could persist unsafe markup into Calibre comments, creating stored content-injection risk in downstream viewers or interfaces.

Missing User Warnings

Medium, 96% confidence

Finding
The README explicitly encourages local credential persistence and even optional plaintext password storage, but does not provide a strong warning, storage hardening guidance, or safer alternatives. If a user enables plaintext storage, credentials to the Calibre content server could be exposed through local file compromise, backups, shared home directories, or accidental disclosure.

VirusTotal

65/65 vendors flagged this skill as clean.
