Talebook

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a disclosed Talebook/MyBooks library client, but it can upload local files and send books to arbitrary destinations without built-in confirmation or tight validation.

Review before installing. Use it only with a Talebook/MyBooks server you trust, preferably local or HTTPS, and provide credentials through a session-scoped environment rather than shared files. Before any upload or send action, manually verify the exact file path, book ID, destination email, and device address; do not let an agent choose those values from untrusted text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The book_upload tool accepts any absolute local file path and reads that file for upload, with no restriction to ebook formats or approved directories. In an agent setting, this can be abused to exfiltrate arbitrary local files under the guise of a library upload feature, making it broader than the stated purpose.

Missing User Warnings

Medium
Confidence: 90%
Finding
The mail-sending feature allows books to be sent to arbitrary email addresses but does not prominently warn that book files and possibly metadata will be transmitted to an external recipient. In a library-management context this can cause unintended data exfiltration, privacy violations, or copyright/compliance issues if a user or agent supplies the wrong address.

Missing User Warnings

Medium
Confidence: 92%
Finding
The upload feature sends a local file from an absolute path to the remote Talebook service, but the documentation does not clearly warn that the file contents leave the local machine. This is dangerous because an agent could be directed to upload sensitive local files under the guise of adding a book, leading to accidental exfiltration.

Missing User Warnings

Medium
Confidence: 88%
Finding
This upload path sends local file contents to the configured Talebook server immediately once invoked, without any in-code confirmation or warning step. In a tool/agent workflow, silent transmission of local data increases the chance of accidental or socially engineered exfiltration.

Missing User Warnings

Medium
Confidence: 87%
Finding
The mailto action can send book content to an arbitrary email address provided in args, with no additional safety checks or user-facing disclosure at execution time. That makes data egress easy and potentially accidental, especially if an agent is manipulated into using an attacker-controlled address.

Missing User Warnings

Medium
Confidence: 90%
Finding
The send_to_device action transmits book content to either a mailbox or a device URL supplied in arguments, without any confirmation or destination validation. In context, this can act as an exfiltration channel to attacker-controlled endpoints or misconfigured external devices.

VirusTotal

66/66 vendors flagged this skill as clean.
