Reader Deep Dive

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: reader-deep-dive
Version: 0.1.0

The skill is benign, aligning with its stated purpose of fetching Readwise data, processing it with an LLM, and sending a WhatsApp briefing. It uses the `READWISE_TOKEN` for legitimate API calls to `readwise.io` and `clawdbot message send` to deliver the briefing, both explicitly declared. The LLM prompts (`prompts/analyze.txt`, `prompts/briefing.txt`) are well-constrained, explicitly limiting output format and content, which mitigates prompt injection risks from the LLM's response. There is no evidence of intentional harmful behavior like unauthorized data exfiltration, persistence, or malicious execution.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone running the skill must trust it with access to Readwise Reader data returned by the API.

Why it was flagged

The script uses a Readwise API token to access the user's Reader data. This is aligned with the skill's stated purpose, but the token can expose private reading-library information.

Skill content
curl -s -H "Authorization: Token $READWISE_TOKEN" "https://readwise.io/api/v3/list/?location=new&page_size=10"
Recommendation

Store READWISE_TOKEN securely, rotate it if exposed, and use the least-privileged Readwise token available.

What this means

Private titles, summaries, authors, dates, and URLs from the user's reading library may be processed by an external LLM and delivered to the configured phone number.

Why it was flagged

Readwise-derived context is sent to the Gemini CLI for generation, and the generated briefing is sent through clawdbot to a WhatsApp target. This is disclosed and purpose-aligned, but it moves private reading data through external provider/messaging boundaries.

Skill content
BRIEF=$(gemini -o text 2>/dev/null <<EOF
...
CONTEXT: $CONTEXT_DATA
...
EOF
)
...
clawdbot message send --target "$TARGET_NUMBER" --message "$BRIEF"
Recommendation

Confirm the Gemini and clawdbot data-handling policies are acceptable, and set TARGET_NUMBER only to the intended recipient.

What this means

The skill's behavior depends on locally installed CLI tools and their configured accounts, not just the skill text itself.

Why it was flagged

The README documents required local tools, while the registry metadata lists no required binaries and no install spec. This is not malicious, but users need to know these local executables are part of the runtime trust boundary.

Skill content
- `curl`, `jq`
- `clawdbot` (for LLM inference and WhatsApp delivery)
- `gemini` CLI (for stateless completion)
Recommendation

Verify the installed curl, jq, gemini, and clawdbot commands are trusted and configured for the accounts you intend to use.

Note
High Confidence
ASI10: Rogue Agents
What this means

If scheduled, the skill will keep fetching Readwise data and sending briefings on the configured schedule.

Why it was flagged

The skill provides a user-directed cron setup for recurring daily execution. This matches the daily briefing purpose, but it is persistent automation that will continue running until removed.

Skill content
clawdbot cron add --id reader_brief --schedule "0 14 * * *" --command "bash scripts/brief.sh"
Recommendation

Only add the cron job if you want recurring delivery, and remove or disable it when you no longer want automated messages.