Readeck Save

Security checks across malware telemetry and agentic risk

Overview

This skill coherently saves user-provided URLs to the user’s configured Readeck read-it-later server using a disclosed API token.

Install this only for a Readeck instance you trust. Configure READECK_URL carefully, use a revocable or least-privileged API token if available, and avoid saving private or internal URLs unless you intend for that Readeck server to store and fetch them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The skill sends user-supplied article URLs to a remote Readeck server for storage and server-side fetching, but the description does not clearly disclose this external transmission. This is a privacy and transparency issue because users may assume the action is local, while in reality the URL and associated access patterns are shared with an external service.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal