Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Castreader Openclaw Skill
v3.2.14
URL to audio: extract any web page and convert to natural AI speech (Kokoro TTS). The only skill that turns a URL into a podcast-quality MP3 — no API key nee...
⭐ 1 · 479 · 1 current · 1 all-time
by @vinxu
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The skill is a URL/book-to-audio tool and its code (extractor bundle, puppeteer-based extraction, and TTS calls) matches that purpose. It also reads a local library directory (~/castreader-library/books/) for synced books — this is consistent with the 'read books' capability. Small mismatch: the SKILL metadata does not list environment variables (CASTREADER_API_URL/VOICE/API_KEY) even though the scripts use them; README documents them.
Instruction Scope
SKILL.md instructs the agent to run npm install and then use the provided node scripts only. Those scripts (extract/read-url/sync-books/generate-text) perform web browsing via Puppeteer, inject extractor-bundle.js into target pages, read/write files under /tmp and the user's home castreader-library, and POST extracted text to an external TTS endpoint (default https://api.castreader.ai). All of these actions are within the stated scope, but they do involve sending extracted webpage/book text off-host (privacy consideration).
Install Mechanism
There is no automated install spec in the registry, but SKILL.md insists on running `npm install` in the skill directory. package.json depends on puppeteer, which will fetch many npm packages and download a Chromium binary during install — a moderate-risk, high-footprint operation. The packages come from the npm registry (no obscure URLs), but you should expect a substantial download and native resource use.
Credentials
The skill does not declare required env vars in registry metadata, but the code reads optional environment variables: CASTREADER_API_URL, CASTREADER_API_KEY, CASTREADER_VOICE, CASTREADER_SPEED. Using an API_KEY (if provided) would send that secret to the TTS API on requests. The scripts also read files under the user's home directory (~/castreader-library/books/) — appropriate for reading synced books but potentially sensitive. Overall, the requested/used env and filesystem access are explainable for the feature set, but the registry metadata omission and the fact that extracted text is posted to an external API are notable concerns.
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills or system settings, and does not persist agent-wide configuration. It runs as-invoked (node scripts) and does not request elevated privileges beyond normal filesystem and network access for the current user.
Scan Findings in Context
[uses-puppeteer] expected: Puppeteer is necessary for headless browsing and page extraction; install will download Chromium which increases install footprint and network activity.
[external-tts-api-calls] expected: scripts call POST {CASTREADER_API_URL}/api/captioned_speech_partly and will upload text to that endpoint (default https://api.castreader.ai). This is expected for a TTS service but implies extracted webpage/book text is transmitted to an external service.
[reads-home-directory-castreader-library] expected: sync-books.js reads ~/castreader-library/books/* to enumerate and open book files — expected for book-reading functionality, but this is access to local user files.
Assessment
What to consider before installing:
- Network & privacy: The skill extracts webpage text and book files and sends that text to an external TTS API (default https://api.castreader.ai). If pages or books contain sensitive data, do not use the online TTS mode. The API key is optional; if you set CASTREADER_API_KEY it will be included in requests to the API.
- Install footprint: You must run `npm install` in the skill folder. That will install Puppeteer and many npm packages and will download a Chromium binary — expect a large download and extra disk space. Prefer running in a sandbox, container, or VM if you are cautious.
- Local file access: The skill will read from ~/castreader-library/books/ for synced books. Ensure only intended files are stored there before using the book features.
- Code review & testing: If you want to be extra safe, inspect the included scripts (they are present) and test extraction-only mode (run `node scripts/read-url.js <url> 0`) offline to verify extraction behavior without generating TTS. You can also run `npm install --no-audit` in an isolated environment and monitor network traffic.
- Metadata mismatch: The registry metadata didn't declare the environment variables the scripts use — be aware and set/omit CASTREADER_API_KEY and CASTREADER_API_URL intentionally.
If these observations are acceptable, the skill appears to do what it claims. If not, consider an offline/local TTS alternative or running the tool in an isolated environment.
Patterns worth reviewing
scripts/read-url.js:133: Shell command execution detected (child_process).
scripts/generate-text.js:16: Environment variable access combined with network send.
scripts/read-url.js:29: Environment variable access combined with network send.
scripts/sync-books.js:38: Environment variable access combined with network send.
scripts/generate-text.js:103: File read combined with network send (possible exfiltration).
scripts/read-url.js:130: File read combined with network send (possible exfiltration).
scripts/sync-books.js:130: File read combined with network send (possible exfiltration).
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Runtime requirements
🔊 Clawdis
OS: macOS · Linux · Windows
Any bin: node
