Readeck Save

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can add bookmarks to the Readeck account associated with the configured token.

Why it was flagged

The skill requires a Readeck API token and instance URL so it can authenticate API requests. This is expected for saving bookmarks, but it gives the skill delegated access to the configured Readeck account.

Skill content

export READECK_URL="https://your-readeck-instance.com"
export READECK_API_TOKEN="your-api-token"

Recommendation

Use the least-privileged Readeck API token available, store it only in the intended environment, and revoke or rotate it if it is exposed.

What this means

Saving a URL creates a bookmark and may cause the Readeck server to fetch that page.

Why it was flagged

The helper uses curl to post the provided URL to the configured Readeck API. This matches the skill purpose, but it is still an external API write using user- or agent-supplied input.

Skill content

curl -s -X POST "${READECK_URL}/api/bookmarks" \
  -H "Authorization: Bearer ${READECK_API_TOKEN}" \
  -H "Content-Type: application/json" \
  -d "{\"url\": \"$URL\"}"

Recommendation

Use it only for URLs you actually want saved, and review unusual or internal/private URLs before submitting them.

What this means

There is limited external information to verify the publisher or project origin before configuring an API token.

Why it was flagged

The published artifacts provide limited provenance information and no install specification. The included script is small and consistent with SKILL.md, so this is a transparency note rather than a concern.

Skill content

Source: unknown
Homepage: none
No install spec — this is an instruction-only skill.

Recommendation

Review the included script and confirm you trust the skill source before setting READECK_API_TOKEN.