Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Book Recommender - 书籍推荐
v2.0.1Recommend books based on interests or history, check Douban ratings and reviews, and manage reading notes and book lists.
⭐ 0· 64·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill name and description (recommend books, Douban ratings, notes, lists) align with the included Python code which implements an offline book DB, recommendation/search functions, and JSON-backed bookshelf/notes. However, SKILL.md promises Douban API integration and places data under ~/.openclaw/workspace/book-recommender/library.json, while the code writes/reads JSON files in the skill directory (DATA_DIR = Path(__file__).parent). The declared capabilities (network access to Douban) are not implemented in the visible portion of the code, which is an inconsistency.
Instruction Scope
SKILL.md requests network access and file read/write and shows a specific storage path in the user's home directory. The instructions otherwise are narrowly scoped to recommendation, rating lookup, and note-taking. No instructions ask the agent to read arbitrary system files or other credentials. The mismatch between the documented storage path and the code's DATA_DIR usage is concerning: it affects where user data will actually be stored and whether user-home files will be touched.
Install Mechanism
There is no install spec and no external downloads; the skill is instruction-only with one bundled Python file. This is lower risk than fetching remote code. The shipped code will be executed locally if the platform invokes it, but no install-time network fetches or archive extraction are present.
Credentials
The skill declares no required environment variables or credentials, and the visible code does not reference env vars. SKILL.md mentions Douban API access but there is no API key or credential declared—either the integration isn't implemented yet (TODO) or the skill would use unauthenticated scraping (not declared). Lack of declared credentials is plausible but worth confirming before granting network access.
Persistence & Privilege
The skill does not request 'always: true' or elevated privileges. It reads/writes JSON files (bookshelf/library/reading_log) in the skill's directory according to the code; SKILL.md suggests a different user-home path. The file operations are expected for this functionality, but you should confirm the exact paths used at runtime so no unexpected user files are overwritten.
What to consider before installing
This skill appears to implement offline recommendations and local note storage, but SKILL.md and the Python code disagree about two important things: (1) SKILL.md says it will use the Douban API (network) while the shipped code shows no obvious network calls in the visible portion; (2) SKILL.md shows data stored under ~/.openclaw/workspace/... but the code writes JSON files next to the skill (DATA_DIR = skill folder). Before installing or granting network/file permissions: 1) Request or inspect the full book_recommender.py (the listing is truncated) to confirm there are no hidden network endpoints or unexpected behavior; 2) Confirm where data will actually be written at runtime and whether it will touch your home directory; 3) If the skill will use Douban, ask how it authenticates (any API keys) and ensure required credentials are declared and scoped; 4) Run the skill in a sandboxed environment or with confined filesystem permissions first; 5) If you expect no network access, disable network permissions until the Douban integration is implemented and audited.Like a lobster shell, security has layers — review code before you run it.
latestvk9715d8gfqcq4tdnkzg56s8cqh83wcp4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.