Skill Trust Decision

castreader

CastReader skill has undocumented network behavior, undeclared browser automation with anti-detection flags, and uses base64 audio processing that appears legitimate but warrants scrutiny.

Source: Manual upload · Scanned: Apr 4, 2026
Files 11 · Artifacts 16 · Violations 4 · Findings 5

Why this conclusion was reached

2/4 dimensions flagged
Block · Declared vs actual capability

4 undeclared or violating capabilities were inferred.

Block · Hidden execution and egress

2 high-risk artifacts or egress signals were extracted.

Pass · Attack chain and severe findings

There is no explicit malicious chain in the report.

Review · Dependencies and supply chain hygiene

1 dependency or supply-chain issue needs attention.

What drove the risk score up

Undeclared network access +20

SKILL.md does not declare network requests to api.castreader.ai:8123

Undeclared browser automation +15

read-aloud.js launches Puppeteer without network:READ declaration

Anti-detection flag +10

--disable-blink-features=AutomationControlled used in read-aloud.js:51

Most important evidence

Medium · Doc Mismatch

Undeclared network requests to external API

All scripts communicate with api.castreader.ai:8123 for TTS services. SKILL.md only describes URL extraction and audio generation workflow but never explicitly declares network:READ permission or the external API endpoint.

Location: scripts/read-url.js:51
Recommendation: Declare network:READ in SKILL.md metadata and document the external TTS API endpoint

Medium · Doc Mismatch

Undeclared Puppeteer browser automation

extract.js and read-aloud.js use Puppeteer to launch headless Chrome browsers and manipulate web pages. SKILL.md only mentions 'read-url.js' and 'generate-text.js' scripts, omitting browser automation entirely.

Location: scripts/extract.js:42
Recommendation: Declare browser:WRITE in SKILL.md and document Puppeteer usage for content extraction

Medium · Sensitive Access

Automation detection suppression flag

read-aloud.js passes --disable-blink-features=AutomationControlled to Chrome, which suppresses navigator.webdriver detection. While common for legitimate automation, this anti-detection technique is suspicious when combined with undeclared browser access.

Location: scripts/read-aloud.js:51
Recommendation: Remove anti-detection flag unless specifically required for legitimate extension testing

Low · Obfuscation

Base64 audio decoding in multiple scripts

Base64-encoded audio from API response is decoded using Buffer.from(audioBase64, 'base64'). While this is legitimate for TTS APIs, the pattern matches high-risk obfuscation signatures and was flagged by pre-scan.

Location: scripts/generate-paragraph.js:94
Recommendation: This appears legitimate for TTS services but should be documented to avoid false positive detection

Low · Doc Mismatch

Shell execution via subprocess not declared

read-url.js uses execFileSync to invoke extract.js as a child process. SKILL.md describes 'node scripts/read-url.js' but does not mention that it internally spawns another Node process.

Location: scripts/read-url.js:79
Recommendation: Document internal script orchestration or refactor to use direct module imports

Declared capability vs actual capability

Capability | Decision | Declared | Inferred | Evidence
Network | Block | NONE | READ | scripts/read-url.js:51 - POST to api.castreader.ai:8123
Filesystem | Block | NONE | WRITE | scripts/read-url.js:82 - fs.writeFileSync
Shell | Block | NONE | WRITE | scripts/read-url.js:79 - execFileSync('node', ...)
Browser | Block | NONE | WRITE | scripts/read-aloud.js:43 - puppeteer.launch()

Suspicious artifacts and egress

Critical · Encoded Execution · Buffer.from(audioBase64, 'base64' · scripts/generate-paragraph.js:94
High · IP Address · 131.0.0.0 · scripts/extract.js:42
Medium · External URL · https://img.shields.io/badge/OpenClaw-Skill-blue · README.md:3
Medium · External URL · https://clawhub.com/castreader · README.md:3
Medium · External URL · https://img.shields.io/badge/License-MIT-green.svg · README.md:4
Medium · External URL · https://img.shields.io/badge/platform-macOS%20%7C%20Linux%20%7C%20Windows-lightgrey · README.md:5
Medium · External URL · https://en.wikipedia.org/wiki/Text-to-speech · README.md:46
Medium · External URL · https://notion.so/my-page · README.md:99
Medium · External URL · https://chromewebstore.google.com/detail/castreader-tts-reader/foammmkhpbeladledijkdljlechlclpb · README.md:102
Medium · External URL · http://api.castreader.ai:8123 · README.md:134
Medium · External URL · https://castreader.ai · README.md:161
Medium · External URL · https://castreader.ai/openclaw · README.md:162

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
puppeteer | ^23.0.0 | npm | No | Version not pinned; auto-updates to latest
crypto | builtin | Node.js | No | Standard library module

File composition

11 files · 2592 lines
JSON 2 files · 1222 lines · JavaScript 6 files · 1028 lines · Markdown 3 files · 342 lines
Files of concern · 7
package-lock.json JSON · 1208 lines
https://www.patreon.com/feross · https://feross.org/support
scripts/read-aloud.js JavaScript · 280 lines
Automation detection suppression flag
README.md Markdown · 169 lines
https://img.shields.io/badge/OpenClaw-Skill-blue · https://clawhub.com/castreader · https://img.shields.io/badge/License-MIT-green.svg · https://img.shields.io/badge/platform-macOS%20%7C%20Linux%20%7C%20Windows-lightgrey · https://en.wikipedia.org/wiki/Text-to-speech · https://notion.so/my-page · https://chromewebstore.google.com/detail/castreader-tts-reader/foammmkhpbeladledijkdljlechlclpb · http://api.castreader.ai:8123 · https://castreader.ai · https://castreader.ai/openclaw · https://microsoftedge.microsoft.com/addons/detail/niidajfbelfcgnkmnpcmdlioclhljaaj
scripts/read-url.js JavaScript · 214 lines
Undeclared network requests to external API · Shell execution via subprocess not declared
scripts/demo.js JavaScript · 169 lines
https://alistapart.com/blog/post/successful-or-unsuccessful-the-post-good-design-vocabulary/
scripts/generate-paragraph.js JavaScript · 155 lines
Base64 audio decoding in multiple scripts · Buffer.from(audioBase64, 'base64'
scripts/extract.js JavaScript · 87 lines
Undeclared Puppeteer browser automation · 131.0.0.0
Other files · generate-text.js · SKILL.md · castreader-api.md · package.json

Security positives

No credential harvesting or environment variable theft detected
No reverse shell, C2 communication, or data exfiltration patterns found
Base64 usage is for legitimate TTS audio processing, not code obfuscation
Hardcoded IP 131.0.0.0 is part of Chrome's internal UA string, not actual network contact
All file operations confined to /tmp and skill directory
No suspicious file downloads or supply chain indicators beyond unpinned versions