Goodreads (Read + Write)

Security checks across malware telemetry and agentic risk

Overview

This Goodreads skill is mostly transparent about what it does, but it uses a saved logged-in browser session with stealth automation to make durable account changes.

Install only if you are comfortable granting this skill logged-in Goodreads write access. Use a private machine and isolated virtual environment, confirm every rating, shelf, review, date, or progress change before running it, and delete scripts/.browser-data or log out when you no longer want the skill to retain access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium, 95% confidence

Finding:
The script intentionally uses anti-bot evasion techniques: a stealth plugin, removal of Playwright automation flags, and browser arguments meant to disguise automation. That exceeds normal Goodreads integration needs and can violate platform protections, making the agent capable of covert automated account actions and harder to detect or audit. In this skill context, that is more concerning because the tool already performs authenticated write actions on a user account.

Vague Triggers

Medium, 90% confidence

Finding:
The trigger description is broad enough to match ordinary book-related conversation, not just explicit Goodreads requests. In this context, that is risky because the skill supports authenticated write actions; overbroad routing could cause the agent to select a state-changing integration when the user only wanted discussion or recommendations.

Missing User Warnings

Medium, 96% confidence

Finding:
The skill documents rate, shelf, review, edit-date, and progress commands without a clear up-front warning that these actions modify the user's Goodreads account. Because the skill uses persistent logged-in browser sessions, a user could unknowingly trigger durable account changes, including reviews and reading-history edits, with reputational and privacy consequences.

Missing User Warnings

Medium, 89% confidence

Finding:
The setup guide explicitly states that authenticated Goodreads cookies persist for weeks to months via stealth mode, but it does not clearly warn users that this creates a long-lived authenticated browser profile on disk. If the local machine, workspace, or skill directory is accessed by another user, process, or compromised tool, those persisted cookies could allow unauthorized access to the user's Goodreads account without re-authentication.

VirusTotal

65/65 vendors flagged this skill as clean.