Readwise & Reader

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Readwise/Reader API helper that reads account data and can save URLs when explicitly invoked.

Install this only if you are comfortable giving the agent access to your Readwise token. It can read private highlights, notes, saved article metadata/content, and, when the save command is used, add URLs to your Reader account.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill metadata says it provides access to Readwise highlights and saved articles, but the implementation also supports a mutating 'save' command that can create new Reader items from arbitrary URLs. This capability expansion is dangerous because users or calling agents may grant or invoke the skill expecting read-only behavior, while it can perform write actions against the account and persist attacker-chosen content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal