ClawHub

Mybooks

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed MyBooks library integration, but users should be careful because it can upload local ebook files and send books to email addresses or devices.

Install only if you trust the MyBooks server configured in MYBOOKS_HOST and are comfortable giving this skill your MyBooks username and password. Before upload or send actions, verify the exact local file path, book ID, email address, and device URL; avoid using shared/global environment files for credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill supports uploading local files and sending book content to email addresses or networked devices, but it does not prominently require user confirmation or warn that book files and metadata may be transferred off the local system. In a library-management context this is relevant because ebooks, annotations, and metadata may be copyrighted, private, or sensitive, and user-supplied destinations could also enable SSRF-like access to internal device URLs.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The book_upload tool reads an arbitrary local path and transmits that file to the configured remote server, but the code path provides no user-facing confirmation or warning at the time of transfer. In an agent setting, this increases the risk of unintended exfiltration of local files if a user or upstream component supplies a sensitive path.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The mailto operation sends book content externally as an email attachment, but the implementation does not present an explicit warning or confirmation step before transmission. In an agent context, that makes accidental disclosure more likely because content leaves the local service boundary and is delivered to an external address.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The send_to_device function transmits book content to a user-supplied device endpoint or mailbox without explicit disclosure in the execution path. Because the destination may be external or attacker-controlled, this creates a meaningful risk of unintended data transfer in an automated agent workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal