ClawHub

Raindrop.io Bookmarks

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Raindrop.io bookmark-management skill that uses a Raindrop token and can modify bookmarks, with ordinary credential-handling and destructive-command cautions.

Install only if you want Codex to access and manage your Raindrop.io account. Prefer passing RAINDROP_TOKEN through a trusted environment or keep ~/.config/raindrop.env private with restrictive permissions and only a simple token assignment. Confirm bookmark IDs and collection targets before running delete, update, move, or bulk-move commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The script automatically sources ~/.config/raindrop.env as shell code when no token is set. Because source executes arbitrary commands in that file rather than safely parsing a single variable, a local attacker or poisoned config file could achieve code execution whenever the skill runs.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documented commands include delete, move, update, and bulk-move operations but provide no warning, confirmation, or rollback guidance for destructive or bulk changes. In an agent setting, this increases the risk of accidental mass modification or deletion of a user's bookmark library.

Missing User Warnings

Low
Confidence
75% confidence
Finding
The setup instructions show storing and passing an API token without any privacy or handling warning. While expected for API usage, exposing credential handling casually can lead users to place tokens in shell history, plaintext files, or shared environments without understanding the risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal