BookNotes Reading Notes and Book Tracker

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill; Name: book-notes; Version: 1.0.2

The BookNotes skill bundle is a straightforward tool for local book tracking and note-taking. The implementation in `src/book-notes.js` uses standard file system operations with input sanitization (slugification) to prevent path traversal vulnerabilities. There is no evidence of network activity, data exfiltration, or malicious instructions in the documentation (SKILL.md/README.md).

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You are relying on the registry-provided artifacts rather than a clearly linked upstream project.

Why it was flagged

The package does not provide a verifiable upstream source or homepage in the registry metadata, so users cannot easily compare the registry package to an external repository.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included files before installing and prefer versions from a trusted publisher or verifiable source when available.

What this means

Private reading notes or quoted text may persist locally and could influence future summaries or responses if the agent uses them as context.

Why it was flagged

The skill stores user-provided notes persistently and may reuse them for summaries or cross-references in later interactions.

Skill content

- **Cross-reference** — connects related ideas across books
- **Book summaries** — auto-generated from your notes
...
**DATA DISCLAIMER:** This software processes and stores data locally on your system.

Recommendation

Keep backups, avoid storing highly sensitive material unless you are comfortable with local persistence, and treat stored quotes/notes as content rather than instructions.