Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pocket AI Transcripts
v1.0.0
Read transcripts and summaries from Pocket AI (heypocket.com) recording devices. Use when users want to retrieve, search, or analyze their Pocket recordings, transcripts, summaries, or action items. Triggers on requests involving Pocket device data, conversation transcripts, meeting recordings, or audio note retrieval.
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, and API usage (production.heypocketai.com) align with the included client code. However, the SKILL.md and scripts require the separate 'browser' skill and Chrome to be run with a profile and remote debugging flags; those dependencies are not declared in the registry metadata. Asking to extract a Firebase bearer token from the browser is coherent for this purpose, but it should have been declared.
Instruction Scope
Runtime instructions explicitly tell the user to start Chrome with a profile and use a local browser-eval script to read IndexedDB and extract Firebase tokens. This is narrowly scoped to obtaining an auth token for Pocket, but it necessarily grants the skill access to browser storage (which can contain other credentials). The instructions save tokens to ~/.pocket_token.json. There are no suggestions in SKILL.md to limit the profile used or isolate the browser, nor warnings about the sensitivity of IndexedDB access.
Install Mechanism
There is no remote install/download; the skill is an instruction file plus a local Python script. No external archives or runtime downloads are invoked by an install spec. This keeps install-time risk low. The script does invoke subprocesses to call the local 'browser' skill's JS files.
Credentials
No env vars or credentials are declared, which matches registry metadata, but the code requires access to a Chrome user profile and the browser-eval scripts under ~/.factory/skills/browser or ~/.claude/skills/browser. Extracting Firebase tokens from the browser is sensitive and granting remote-debugging access to Chrome may expose other site tokens/cookies if not performed on an isolated profile. The skill writes the token to ~/.pocket_token.json (expires in ~1 hour); presence of this file is additional sensitive state.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and stores only a short-lived token in the user's home directory. It does not request system-wide persistent privileges.
What to consider before installing
This skill appears to do what it says (access Pocket transcripts), but it extracts a Firebase bearer token from your Chrome profile using remote debugging and a separate 'browser' skill. Before installing:
(1) inspect the full reader.py and the browser-eval JS to confirm no unexpected network endpoints or data exfiltration;
(2) run Chrome with an isolated/new profile (not your main profile) when extracting tokens;
(3) review and, if desired, remove ~/.pocket_token.json after use and revoke sessions via Pocket if you suspect exposure;
(4) ensure you trust the source repository (there is no declared homepage and the skill registry metadata omits the browser-skill dependency).
If you can obtain a token via an official OAuth flow or the vendor's API, prefer that instead. Additional info (the full, un-truncated reader.py and the referenced browser eval.js) would increase confidence in the assessment.
latest (vk978d0y40wwjxy6evj4bwyqrex7ypbqj)
