← Back to Skills Marketplace
harrylabsj

Book Review Skill

by haidong · GitHub ↗ · v1.0.4 · MIT-0
cross-platform ⚠ suspicious
335
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install book-review-skill
Description
Expand reading insights into in-depth reviews using local templates only. SAFE VERSION: No external API calls, no filesystem access, no secrets required.
README (SKILL.md)

Book Review Skill (Safe Version)

Expand reading insights into in-depth reviews using local templates only.

🔒 Security Features

  • No External API Calls: All processing happens locally, no data sent to external services
  • No Filesystem Access: Does not read or write to your filesystem
  • No Secrets Required: No API keys, tokens, or credentials needed
  • Privacy First: Your reading insights never leave your local environment

Features

  • 📖 Insight Expansion: Expand short reading notes into in-depth book reviews
  • 🔒 Local Processing: All templates processed locally with no external dependencies
  • 📋 Multiple Formats: Brief, detailed, and comprehensive review options
  • 💡 Related Concepts: Get suggested related learning concepts

Commands

  • /book-review [insight] - Generate a detailed book review
  • /book-review-brief [insight] - Generate a brief review
  • /book-review-related [insight] - Get related concepts for the insight

Usage Examples

/book-review Today I read about deliberate practice and found it very inspiring
/book-review-brief The importance of spaced repetition in learning
/book-review-related How to build effective learning habits

Technical Details

  • TypeScript implementation
  • OpenClaw SDK integration
  • Pure Local Processing: No network calls, no file I/O
  • Version: 1.0.4 (Safe Release)

Safety Assurance

This skill has been specifically designed to address ClawHub security concerns:

  1. No External Dependencies: Removed all external API calls
  2. No Filesystem Access: No reading of local notes or files
  3. No Secrets: No environment variables or API keys required
  4. Transparent Processing: All logic visible in source code

Installation

clawhub install book-review-skill

Requirements

  • Node.js >= 18.0.0
  • OpenClaw >= 2026.3.0
Usage Guidance
The runtime code implements a safe, local-only template reviewer, but the README and examples advertise features (DeepSeek API, note searching, Lunr.js, fs-extra, environment variables for API keys and note paths) that would require filesystem and network access. Before installing: 1) Ask the publisher which variant you will get (safe/local-only vs. a fuller version that reads files and calls APIs). 2) Inspect the installed bundle (dist/bundle.js or dist/index.js) after installation for any fs, net/http, child_process, or process.env access. 3) If you must test, run the skill in an isolated sandbox or VM and monitor outbound network traffic. 4) Prefer the explicit local-only build (the provided src/dist files appear local-only); avoid providing DEEPSEEK_API_KEY or note-path secrets until the author confirms why README differs. If you need higher assurance, request an authoritative source or signed release matching the SKILL.md.
Capability Analysis
Type: OpenClaw Skill Name: book-review-skill Version: 1.0.4 The skill bundle is classified as suspicious due to a major contradiction between its 'Safe Version' claims and its metadata/documentation. While the code in index.js and SKILL.md is benign and limited to local string templates, the README.md and package.json describe a version that requires sensitive credentials (DEEPSEEK_API_KEY) and filesystem access. Furthermore, package.json includes devDependencies for filesystem crawling and indexing (fs-extra, lunr, glob) that are not used in the provided source, suggesting a potential 'bait-and-switch' where users are encouraged to set up sensitive environment variables for a supposedly safe tool.
Capability Assessment
Purpose & Capability
The skill's name, SKILL.md, and the actual src/dist code implement a local template-based book-reviewer that requires no files, network, or secrets — that is coherent. However README.md, architecture docs, and examples repeatedly describe note searching, Lunr.js indexing, fs-extra, and a DeepSeek API integration (including examples setting DEEPSEEK_API_KEY and note paths). That documentation is inconsistent with the code and declared zero requirements, which is unexpected and worth asking the author about.
Instruction Scope
SKILL.md explicitly promises 'No External API Calls', 'No Filesystem Access', and 'No Secrets Required', and the src/dist code abides by that promise (no fs, no network calls, just string templates and local concept map). But README and config examples instruct the user to set DEEPSEEK_API_KEY and configure note paths, and describe modules (Lunr.js, fs-extra) and features (note search, indexing) that would require filesystem and network access. This conflicting instruction surface grants the agent ambiguous authority and could confuse users about what will actually run.
Install Mechanism
No install spec is provided (instruction-only in registry), and the repository contains normal Node packaging files (package.json, build scripts). There are no downloads from untrusted URLs or extraction steps in the metadata. The risk is low from the install mechanism itself; however, the package includes build scripts referencing esbuild and typical dev tooling — standard for Node projects.
Credentials
The registry metadata and SKILL.md declare no required environment variables, and the runtime code does not read any env vars. But README and configuration examples list DEEPSEEK_API_KEY, BOOK_REVIEW_NOTE_PATHS, and other env vars, implying the need for secrets and filesystem access in another (non-shipped) mode. This discrepancy makes it unclear whether secret-bearing env vars might be used in alternate builds or earlier versions.
Persistence & Privilege
The skill does not request always:true, needs no config paths, and its setup/teardown only log messages. It does not modify other skills' configs or request elevated persistence. Autonomous invocation is allowed by default (expected) but not a new concern here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install book-review-skill
  3. After installation, invoke the skill by name or use /book-review-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
**Major security-focused update: Book Review skill now runs entirely locally with no external dependencies.** - Removed all external API calls, filesystem access, and secret requirements. - Now operates exclusively with local templates—no note searching or external references. - Added three review modes: detailed, brief, and related concepts. - Updated documentation to emphasize privacy, safety, and new commands. - Cleaned up file structure and removed legacy/test code.
v1.0.2
- Bumped version to 1.0.2. - Minor documentation adjustments; updated SKILL.md formatting and metadata with new version.
v1.0.1
- English localization of documentation and descriptions. - Added compiled JavaScript and TypeScript definition files to the dist directory. - Updated usage instructions, feature list, and metadata in SKILL.md. - No functional changes to core features; release includes build-related and documentation improvements.
v1.0.0
Book Review Skill v1.0.0 - 首个版本发布,支持扩展读书心得为有深度的书评 - 可智能从用户笔记库搜索并引用相关内容 - 根据阅读历史个性化推荐相关书籍 - 支持综合多知识点的深度分析 - 支持通过 /book-review 指令快速生成书评 - 依赖环境:Node.js >= 18.0.0,OpenClaw >= 2026.3.0
Metadata
Slug book-review-skill
Version 1.0.4
License MIT-0
All-time Installs 1
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Book Review Skill?

Expand reading insights into in-depth reviews using local templates only. SAFE VERSION: No external API calls, no filesystem access, no secrets required. It is an AI Agent Skill for Claude Code / OpenClaw, with 335 downloads so far.

How do I install Book Review Skill?

Run "/install book-review-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Book Review Skill free?

Yes, Book Review Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Book Review Skill support?

Book Review Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Book Review Skill?

It is built and maintained by haidong (@harrylabsj); the current version is v1.0.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments