v0.2.4

Raindrop.io Bookmark Manager

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 12:40 PM.

Analysis

The skill mostly matches a Raindrop bookmark manager, but it needs review because the artifacts flag an apparent hardcoded OAuth secret despite saying secrets are not embedded.

Guidance: Before installing, review the flagged client_secret line and remove or rotate any real embedded secret. Use your own Raindrop token or OAuth credentials via environment variables or a protected local env file, and only allow delete or bulk import/export commands when you explicitly want those account changes.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
without exposing secrets inside the published skill ... never hardcode real client ids, secrets, access tokens, or refresh tokens into the skill

The documentation makes strong no-embedded-secret claims, but the static scan reports an apparent hardcoded client_secret in the published script.

User impact: Users may trust the skill's secret-handling claims and miss a credential exposure that should be reviewed before use.
Recommendation: Align the code and documentation: remove embedded secrets, keep only placeholders/examples, and republish after confirming the static secret finding is resolved.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
`create-collection`, `update-collection`, and `delete-collection` ... `add-bookmark`, `update-bookmark`, and `delete-bookmark` ... `import-bookmarks` and `export-bookmarks`

The skill exposes commands that can create, update, delete, import, and export Raindrop account data. These actions are disclosed and purpose-aligned, but they are account-mutating operations.

User impact: If invoked with a valid token, the skill can change or delete bookmark and collection data in the user's Raindrop account.
Recommendation: Use a token for the intended account only, back up important bookmarks before bulk operations, and require explicit user confirmation before delete or bulk import commands.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: Medium | Status: Concern
scripts/raindrop_manager.py
client_secret = [REDACTED] or creds.get("client_secret")

The provided static scan flags this line as an exposed hardcoded API secret or token. If the redacted value is a real OAuth client secret, the published skill expands the credential boundary beyond user-supplied environment credentials.

User impact: Anyone installing or inspecting the skill may receive or expose an embedded OAuth secret, and OAuth flows may rely on a credential the user did not provide.
Recommendation: Remove any hardcoded OAuth secret, rotate it if it was real, load client secrets only from user-controlled environment/config files, and declare the required credential fields in metadata.