Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Weread Import

v0.3.0

Export WeRead highlights and notes into Markdown files, usually into an Obsidian Reading folder. Use when the user asks to import or sync WeRead books, re-re...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious

OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the implementation: code fetches data from weread.qq.com, renders Markdown, supports browser cookie extraction or manual cookie input, and writes files to a user-specified output. Declared dependencies (Playwright) and CLI flags are appropriate for a tool that can extract cookies from a browser and call the WeRead API.
Instruction Scope
Runtime instructions direct the agent/user to run scripts/run.sh which (a) auto-installs dependencies, (b) ensures a Chrome CDP instance and (c) may copy the user's default Chrome Profile to a dedicated profile directory to preserve login state. Copying Cookies and Login Data is explicitly documented and is consistent with the 'browser cookie extraction' feature, but it is a sensitive operation (it can read other site cookies/login files). The code does not appear to transmit these cookies to any external endpoint other than requests to weread.qq.com.
Install Mechanism
No install spec in the registry; the CLI runs npm install --production on first run (package.json depends on playwright). Installing Playwright is expected for browser/CDP automation, but note that npm install will download packages from the registry and Playwright may download browser binaries at install/runtime. This is a standard, traceable mechanism (npm registry and Playwright) rather than an arbitrary remote archive.
Credentials
The skill does not request unrelated cloud credentials and uses a small set of environment variables (WEREAD_COOKIE, WEREAD_CDP_URL, WEREAD_OUTPUT, WEREAD_TAGS, WEREAD_USER_AGENT) that match its purpose. However, the open-chrome-debug.sh script reads files from the user's default Chrome profile (Cookies, Login Data, Preferences, etc.) to seed a profile directory; this grants the skill access to local browser state beyond just WeRead cookies. That behavior is documented in SKILL.md but is sensitive and worth explicit consent.
Persistence & Privilege
The skill is not force-included (always: false). It writes its own state file (.weread-import-state.json) into the chosen output directory and creates a profile directory (~/.weread-import-profile) when syncing Chrome login state. Those are expected for its functionality, but they do modify the user's home directory and filesystem.
Assessment
This project is internally consistent with its goal of exporting WeRead notes. Key things to consider before installing/running: 1) The first-run script will run npm install and install Playwright (and may download browser binaries); ensure you trust the npm packages. 2) To enable automatic browser cookie refresh, the helper script will copy files from your default Chrome profile (Cookies, Login Data, Preferences, etc.) into ~/.weread-import-profile and then launch Chrome with that profile; this can expose other site cookies stored in that profile. If you are uncomfortable with that, use the manual cookie options (WEREAD_COOKIE or --cookie) or run the tool in an isolated browser/profile. 3) The tool will write files to the output directory you specify and create .weread-import-state.json for incremental sync—check the target path to avoid overwriting important data. 4) The tool talks only to weread.qq.com for API requests; it does not add unexpected remote endpoints in the source. If you want extra assurance, review scripts/open-chrome-debug.sh and scripts/run.sh and run in a controlled environment (temporary directory or VM) the first time.
Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

src/api.mjs:5: Environment variable access combined with network send.
