X Reader

Fetch, transcribe, and analyze content from URLs, files, or transcripts across multiple platforms, providing personalized, multi-dimensional insights.

This skill generally does what it claims, but it has several privacy and storage implications you should consider before installing: - Third‑party transmission: The skill uses external services (r.jina.ai, api.groq.com, api.fxtwitter.com, and wsrv.nl) to fetch/convert content and proxy images. Fetching/transcribing will send the target URL and/or audio to those services. If that is sensitive, do not provide GROQ_API_KEY or use those fallbacks. - Session files and credentials: The login flow saves Playwright storage_state JSON files (cookies/localStorage) under ~/.x-reader/sessions and will use them for browser fetch fallbacks. Those files contain authentication tokens; the code attempts to set 0o600 permissions but you should verify permissions and only save sessions for accounts you trust being accessed by this tool. - Optional secrets: TG_API_ID and TG_API_HASH (Telegram) and GROQ_API_KEY are only needed for those optional features. Only set them if you know why and trust the code/service. - Local subprocesses and tooling: The skill runs yt-dlp/ffmpeg and Playwright (if installed). These are normal for media transcription but will execute external binaries — install from trusted sources and run in an environment you control. - Traceability: The registry metadata didn't include homepage/source, but the SKILL.md/README reference a GitHub repo. If you plan to use this, verify the upstream repo, review recent commits, and prefer installing from a pinned commit or direct GitHub source you inspected. Recommendations: 1. Review the code (especially calls that POST to external APIs and the login/session saving code) yourself or in an isolated environment. 2. If you are concerned about data exposure, avoid supplying GROQ_API_KEY or Telegram credentials and prefer Jina/Local fallbacks (note: Jina also sends URLs to r.jina.ai). 3. Run the tool in a container or VM if you want to limit persistence and network egress. 4. Inspect and confirm file locations (INBOX_FILE, SESSION_DIR, OBSIDIAN_VAULT) and ensure they are acceptable. Manually set restrictive permissions on session files after login. 5. If you need an offline/self-hosted option, consider replacing remote services (Jina/Groq/FxTwitter/wsrv.nl) with self‑hosted components before using with sensitive data. If you want, I can highlight every place in the repository that transmits data externally or writes session files so you can inspect those calls in detail.

Type: OpenClaw Skill Name: x-reader Version: 0.2.0 The skill is classified as suspicious due to several risky capabilities and potential vulnerabilities, despite implementing notable security safeguards. The `SKILL.md` instruction 'Local file | Read file directly' presents a prompt injection risk, potentially allowing an AI agent to be tricked into reading arbitrary local files if not properly sandboxed. Additionally, while `utils/storage.py` has strong path validation for Markdown output, the `INBOX_FILE` path (defaulting to `unified_inbox.json` or configurable via environment variable) lacks similar robust path traversal protection, potentially allowing an attacker to overwrite an arbitrary file. The skill also performs external network calls, executes `yt-dlp` via `subprocess.run`, and handles sensitive authentication sessions, though these operations are mitigated by a robust `utils/url_validator.py` for SSRF prevention, safe `subprocess.run` usage, and permission setting for session files. There is no clear evidence of intentional malicious behavior like data exfiltration or backdoor installation.