v1.0.6

Talebook

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:34 AM.

Analysis

This appears to be a legitimate Talebook integration, but it gives the agent the authenticated ability to edit, bulk-update, and send books from your library, so it should be reviewed before installation.

Guidance

Install this only if you are comfortable giving the agent access to your Talebook account. Use the least-privileged account possible, confirm any edit/send/bulk-fill action before it runs, avoid whole-library operations unless intentional, and keep credentials out of shared configuration files.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/talebook_api.py
"POST", f"/api/book/{book_id}/edit", json=body ... "POST", f"/api/book/{book_id}/mailto", json={"email": email}

The script exposes API calls that can modify book records and send a book to a supplied email address; the artifacts do not show a built-in confirmation or recipient allowlist.

User impact: A mistaken or over-broad agent action could change library metadata or send a book outside the library.
Recommendation: Only allow these actions after explicit user confirmation, verify book IDs and recipient emails, and prefer read-only use when you only need search or statistics.
Cascading Failures
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
`idlist` | array or `"all"` | ✅ | array of book IDs, or `"all"` to process the whole library ... the task runs asynchronously in the background

The documented admin fill operation can process the entire library and continues asynchronously, so one invocation can affect many records.

User impact: Incorrect online metadata fill could overwrite or alter metadata across many books and may be hard to stop once started.
Recommendation: Back up the library, avoid `idlist: "all"` unless you intend a whole-library operation, and require confirmation for bulk/background jobs.
Unexpected Code Execution
Severity: Low | Confidence: High | Status: Note
SKILL.md
allowed-tools: Bash(python3:*)

The skill runs a local Python helper via Bash; this is purpose-aligned for the API wrapper, but it is still local code execution authority.

User impact: Installing the skill allows the agent to run Python commands for this integration.
Recommendation: Review the included Python script and install only from a source you trust.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
export TALEBOOK_USER="admin"
export TALEBOOK_PASSWORD="your_password"
... the script automatically calls `/api/user/sign_in` to log in using the `TALEBOOK_USER` / `TALEBOOK_PASSWORD` environment variables

The skill explicitly requires Talebook credentials and automatically signs in, so the agent can act as the configured Talebook user, potentially an admin.

User impact: If installed with an admin account, the agent can perform the same Talebook operations that account is allowed to perform.
Recommendation: Use a least-privilege Talebook account where possible, set credentials only for the current session, and use a trusted host connection.