v1.0.1

Readwise Official

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 7:30 AM.

Analysis

Review before installing: this is mostly a coherent Readwise CLI guide, but it asks for account access and includes broad read/export plus bulk or destructive library-management commands without clear confirmation safeguards.

Guidance: Install only if you trust the Readwise CLI source and are comfortable giving it access to your Readwise account. Treat search and read-only use as lower risk, but require confirmation before any move, tag change, bulk edit, note update, highlight creation, deletion, or full-library export.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
readwise reader-bulk-edit-document-metadata ...; readwise readwise-delete-highlight --highlight-id <id>; "Triage the inbox: ... decide what's worth the user's time, and move to the right place."

The skill exposes bulk account edits, document moves, and highlight deletion, and one workflow encourages agent judgment followed by moving documents, but the artifact does not require explicit user confirmation, preview, or rollback for these account-changing actions.

User impact: An agent could accidentally move, tag, mark, edit, or delete items in the user's Readwise library if it misinterprets a request.
Recommendation: Use read/search commands freely, but require explicit user approval before bulk edits, moves, tag changes, highlight edits, or deletion; preview affected IDs and requested changes first.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SKILL.md
If `readwise` is not installed: npm install -g @readwise/cli

The skill relies on a globally installed external npm CLI. This is central to the stated purpose, but the artifact does not pin a version or provide an install spec.

User impact: The behavior depends on the installed npm package and version on the user's machine.
Recommendation: Install the CLI from a trusted source, consider pinning a known version, and review the package before granting it an access token.

Human-Agent Trust Exploitation
Severity: Low; Confidence: Medium; Status: Note
metadata
Name: Readwise Official; Source: unknown; Homepage: none

The skill name presents an official affiliation, but the provided metadata does not include a source or homepage to substantiate provenance.

User impact: A user may place extra trust in the skill because it is labeled official, even though the provided registry information does not verify that claim.
Recommendation: Verify the publisher and CLI package source before installing or providing a Readwise token.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
SKILL.md
If not authenticated, ask the user for their Readwise access token ... readwise login-with-token <token>

The skill needs a Readwise access token to operate on the user's account. This is purpose-aligned, but it is sensitive account authority and should be handled deliberately.

User impact: Anyone or any tool with this token could access and potentially manage the user's Readwise data according to the token's permissions.
Recommendation: Only provide a token if you trust the installed CLI and skill; avoid pasting tokens into unrelated chats, and revoke or rotate the token if it may have been exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Semantic search across all saved documents; Get full document details including Markdown content; Export all documents as Markdown ZIP

The skill can retrieve broad private reading content and full document Markdown into the agent's context, and can export the library. This is expected for Readwise access but may expose sensitive personal material to the agent session.

User impact: Private articles, notes, highlights, emails, PDFs, or other saved content may be read into the conversation or exported during use.
Recommendation: Limit queries and exports to what is needed, avoid requesting full-content exports unless necessary, and treat retrieved document text as untrusted content rather than instructions.