Skill v1.0.0
ClawScan security
Goodreads (Read + Write) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 3:06 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are consistent with its stated purpose (Goodreads read via RSS/scraping and write via Playwright browser automation); it asks for no unrelated secrets and stores session cookies locally, but installing and using it grants the skill the ability to act on your Goodreads account, so review persistence and login behavior before use.
- Guidance: This skill appears to do what it says: read Goodreads via RSS/scraping and perform writes by automating a browser. Before installing: (1) review the scripts yourself if you can (they are included); (2) run the tool inside a dedicated virtual environment as instructed (do not install playwright globally unless you want that); (3) be aware the one-time login will store cookies in scripts/.browser-data so the tool can act later without re-authenticating — if you don't want long-lived access, use a throwaway Goodreads account or remove the .browser-data directory and revoke sessions in your Goodreads/Amazon account after use; (4) remember that if you allow the agent to call skills autonomously, it could perform write actions using the saved session — lock down autonomous execution or require manual invocation for write operations if that concerns you.
Review Dimensions
- Purpose & Capability (ok): Name/description promise read+write Goodreads functionality. The package only requires python3 and Playwright (used for browser automation) and includes RSS scraping code for read-only functionality — these map to the stated purpose. The few path references (scripts/.venv vs a stray reference to ~/.openclaw/common-scripts/.venv in a docstring) are minor documentation inconsistencies, not indications of unrelated capabilities.
- Instruction Scope (note): SKILL.md and scripts instruct the agent/user to install playwright and playwright-stealth, run a one-time interactive browser login, and then perform headless automated actions. Read commands use Goodreads RSS and page scraping only. There are no instructions to read arbitrary local files or to contact any third-party endpoints beyond Goodreads. Note: the skill instructs storing persistent browser data (cookies) locally to maintain sessions; that enables later write operations without re-login.
- Install Mechanism (ok): There is no automated install spec in the registry — installation is manual via pip (pip install playwright playwright-stealth) and playwright install chromium as documented. This is a common/expected approach for Playwright-based tools; it is not an opaque remote download from a personal server. Risk is standard for pip-installed packages (supply-chain risk) but proportionate to the functionality.
- Credentials (ok): The skill does not declare or require secrets/credentials from the environment. It optionally recommends setting GOODREADS_USER_ID for RSS verification and supports a GR_VENV env var to override the venv location — both are appropriate for the described functionality. The tool requires you to sign into Goodreads/Amazon in an interactive browser (expected for write actions).
- Persistence & Privilege (note): The writer script creates and uses a local .browser-data directory to persist cookies/sessions for weeks/months as documented. That is expected for a browser-automation write tool, but it means the skill — once authorized — can perform actions on your Goodreads account without re-prompting. The skill is not marked always:true, but since disable-model-invocation is false (the platform default), an agent that is allowed to call skills autonomously could trigger write actions using the stored session; users should consider this operational risk.
