Free Novel Search
Pass. Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: free-novel-search
Version: 1.0.0
The skill bundle contains a security vulnerability in `scripts/search_novels.py`, where SSL certificate verification is explicitly disabled using `ssl._create_unverified_context()` when querying external APIs (gutendex.com and openlibrary.org), exposing the agent to man-in-the-middle (MITM) attacks. Additionally, `scripts/check_license.py` contains a syntax error in a function definition (`check_platform legitimacy`), and the documentation includes links to several platforms frequently associated with unauthorized copyrighted content, despite providing legal disclaimers.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A network attacker could tamper with book results or links, potentially causing the agent to recommend unsafe or misleading pages.
The search tool disables HTTPS certificate validation for public API calls, so responses from Gutendex or Open Library could be intercepted or modified without detection.
`context = ssl._create_unverified_context()` ... `urllib.request.urlopen(req, context=context, timeout=10)`
Remove `ssl._create_unverified_context()` and use default HTTPS verification; handle certificate errors only explicitly and in a way that is visible to the user.
Users may over-trust that every listed site is legally authorized unless the agent verifies each work or platform before recommending it.
The skill frames its sources as legitimate, but some platform entries are only described as free-reading and do not show a clear license or authorization status in the artifact.
Scope: Public domain works, open-licensed novels, and legitimate free-to-read platforms ... 笔趣阁 | Free Reading | Classic + Web novels | biquge.com.cn
Clearly mark uncertain platforms, prefer official/public-domain sources, and verify licensing status before presenting a site as legal.
