BookStack

Advisory

Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent invoking these commands could delete wiki content from the connected BookStack instance.

Why it was flagged

The script includes direct DELETE operations against BookStack resources. This is consistent with the documented CRUD purpose, but it is a high-impact action if invoked on important documentation.

Skill content

def delete_book(args):
    """Delete a book"""
    api_call("DELETE", f"books/{args.id}")

Recommendation

Use a least-privilege BookStack token where possible and require explicit user confirmation before running delete or broad update commands.

What this means

Anyone with access to the configured token can potentially access or modify BookStack content according to that token’s permissions.

Why it was flagged

The skill uses BookStack API credentials from environment variables to authenticate requests. This is expected for the integration, but the token carries delegated account authority.

Skill content

TOKEN_ID = os.getenv('BOOKSTACK_TOKEN_ID', '')
TOKEN_SECRET = os.getenv('BOOKSTACK_TOKEN_SECRET', '')
...
"Authorization": f"Token {TOKEN_ID}:{TOKEN_SECRET}"

Recommendation

Store the token securely, avoid sharing it in prompts or logs, and use a BookStack role limited to the actions this skill actually needs.

What this means

Users have less external context for verifying the publisher or upstream project for this skill package.

Why it was flagged

The registry metadata does not identify an upstream source or homepage. The included code is visible and simple, so this is a provenance note rather than evidence of malicious behavior.

Skill content

Source: unknown
Homepage: none

Recommendation

Review the included script before use and prefer trusted registry owners or source-linked releases for production credentials.