Karakeep Save

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the configured key through this skill can create bookmarks in the associated Karakeep instance.

Why it was flagged

The skill needs a Karakeep bearer API key to authenticate to the user's bookmark service. This is expected for the integration, but it is still delegated account access.

Skill content

export KARAKEEP_URL="https://your-karakeep-instance.com"
export KARAKEEP_API_KEY="your-api-key"
...
- **Auth:** Bearer token

Recommendation

Use a Karakeep API key you can revoke, scope it narrowly if Karakeep supports scoped keys, and store it only in the intended Clawdbot or shell environment.

What this means

When invoked, the skill will send the provided URL and optional note to the configured Karakeep server and create or detect a bookmark there.

Why it was flagged

The script performs an authenticated POST that mutates the user's Karakeep data by adding a bookmark. This is the advertised function and is scoped to one API endpoint.

Skill content

RESPONSE=$(curl -s -X POST "${KARAKEEP_URL}/api/v1/bookmarks" \
  -H "Authorization: Bearer ${KARAKEEP_API_KEY}" \
  -H "Content-Type: application/json" \
  -d "$BODY")

Recommendation

Invoke it only for URLs you intend to save, and verify KARAKEEP_URL points to your trusted Karakeep instance.

What this means

Users may not notice from the registry metadata alone that the skill needs a Karakeep API key and local curl/jq tools.

Why it was flagged

The registry metadata does not advertise the credential, environment variables, or local command dependencies that the SKILL.md and script require. This is a declaration/provenance gap rather than hidden behavior.

Skill content

Source: unknown
Homepage: none
Required binaries (all must exist): none
Required env vars: none
Primary credential: none

Recommendation

Review the included script before use, ensure curl and jq are installed, and prefer skills with complete metadata and a known source when handling credentials.