Pocket AI Transcripts
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its stated purpose, but it extracts and caches your Pocket/Firebase browser session token to access private recordings, so it needs careful review before use.
Treat this as a review-before-install skill. It appears designed to read Pocket transcripts as advertised, but it relies on extracting a logged-in browser token and saving it locally. Use it only if you trust the code and source, inspect the full reader.py file, keep the token file protected, and delete ~/.pocket_token.json when finished.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Anyone or anything that can read the cached token file may be able to access the user's Pocket account data until the token expires or is revoked.
The helper extracts Pocket/Firebase session tokens from the browser and stores token material locally, including a refresh token. This is high-impact credential handling and is not reflected in the registry credential declarations.
TOKEN_CACHE_FILE = Path.home() / ".pocket_token.json" ... 'access_token': access_token, 'refresh_token': refresh_token ... accessToken: tm.accessToken, refreshToken: tm.refreshToken
Only use this if you trust the skill and need this integration; inspect the full script, restrict permissions on ~/.pocket_token.json, delete it when done, and prefer an official OAuth/API flow if available.

The agent may have broader Pocket account authority than just the specific transcript the user intends to read.
The skill uses a raw, reverse-engineered API with a bearer token taken from browser storage rather than a clearly scoped official integration. That makes the permission boundary and available account actions unclear.
Read transcripts and summaries from Pocket AI devices via reverse-engineered API. ... Auth: Firebase Bearer token from browser IndexedDB
Confirm the skill is only used for read-only transcript retrieval, verify the requested recording scope before use, and avoid leaving reusable account tokens available.

Private conversations and location details may be loaded into the agent context and included in subsequent analysis or outputs.
The skill intentionally retrieves private recording transcripts, summaries, action items, and possible location metadata. This is purpose-aligned, but the data is sensitive.
Get transcript + summary + action items ... latitude, longitude (if location enabled)
Invoke the skill only for recordings you intend to share with the agent, and review outputs before copying or sharing them elsewhere.

Running the setup gives the helper access to the active browser profile used for Pocket login.
The setup flow asks the user to run local browser-skill commands and a Python helper. This is central to the skill's purpose and user-directed, but it is still local code execution with access to browser session state.
~/.factory/skills/browser/start.js --profile ... ~/.factory/skills/browser/nav.js https://app.heypocket.com ... python3 scripts/reader.py extract
Run setup commands manually, confirm Chrome is on app.heypocket.com, and review the helper script before executing it.

Users have less ability to verify who maintains the skill or whether the distributed code matches a trusted upstream source.
The artifact has no declared source repository or homepage for provenance verification.
Source: unknown; Homepage: none
Install only from a trusted source and compare the full packaged files against a repository or release you trust.
