Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
奇绩 Mapping: paper-scraping and talent-outreach workflow
v2.0.0
Skill for AI/ML talent search, paper-author discovery, lab-member scraping, GitHub researcher mining, and personalized recruiting-email generation. It triggers whenever the user mentions finding AI/ML PhDs, researchers, or engineers; scraping lab members, OpenReview/CVF conference authors, or GitHub network researchers; extracting homepages/Scholar/GitHub/emails/research directions; identifying ethnically Chinese (华人) candidates; ...
⭐ 1 · 275 · 0 current · 0 all-time
by @16miku
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The scripts (OpenReview, CVF PDF parsing, GitHub network, lab scraping, Cloudflare email decoding, async httpx) are coherent with the declared purpose of discovering researchers and generating outreach. However, many capabilities implicitly require external credentials/services (GitHub PAT, BrightData MCP token, Feishu app_token/credentials, possibly OpenReview credentials) even though requires.env declares none. That omission is a meaningful inconsistency.
Instruction Scope
SKILL.md instructs the agent to run local scripts, download PDFs, extract and aggregate personal contact data (emails, homepages), create and update Feishu (飞书) multi-dimensional tables, and even '识别华人' (identify people of Chinese ethnicity) using surname lists. The instructions also say the skill should auto-trigger whenever the user's request matches a broad set of recruitment tasks (scope creep). These instructions enable mass collection and writing of personal data and require external API usage and credentials that go beyond a simple helper.
Install Mechanism
There is no install spec (instruction-only in registry), which reduces installer risk. But the package includes multiple non-trivial Python scripts that will be executed by the agent/environment if invoked. No remote downloads/install steps are present, so supply-chain risk is lower, but the presence of many runnable scripts increases runtime risk (network I/O, file writes) compared to a pure-doc skill.
Credentials
The skill's examples and scripts require sensitive credentials: GitHub Personal Access Token (explicit in github_network_scraper), BrightData MCP token (recommended for anti-scrape bypass), Feishu app_token / API credentials (for reading/updating tables), and possibly OpenReview credentials. None of these required env vars or primary credential fields are declared in the registry metadata — a mismatch that can lead to surprising requests for secrets. Additionally, the skill performs ethnicity identification (Chinese surname heuristics), which is a privacy/ethical concern and increases sensitivity of the data being collected.
Persistence & Privilege
always:false and no explicit system-wide modifications are requested — good. The SKILL.md encourages the skill to be prioritized/auto-triggered when relevant user intents appear; while not an OS privilege, that broad auto-triggering policy combined with the credential/scraping concerns increases the potential blast radius if allowed to run autonomously. The skill does not request permanent presence or modify other skills.
What to consider before installing
This skill is functionally coherent for research candidate discovery but has several issues you should resolve before installing:
(1) Ask the publisher which exact environment variables/credentials are required and why (GitHub token, BrightData token, Feishu app_token, OpenReview creds). Do not provide high-privilege or org-wide tokens; use least-privilege, short-lived tokens in a test account.
(2) Review the scripts locally before running — they perform network requests, download PDFs, and will extract and write personal contact data and emails.
(3) Be aware of privacy and legal risks: automated scraping of emails, mass outreach, and ethnicity classification may violate site ToS, data-protection laws, or internal policies.
(4) Test in a sandboxed environment with a limited dataset and audit logs, and restrict the skill's ability to run autonomously until you confirm behavior.
(5) If you need Feishu integration, verify required scopes and prefer a dedicated service account rather than personal credentials.
If the publisher cannot justify the undeclared credentials or provide safer operation guidance, treat the skill with caution or avoid installing.
Like a lobster shell, security has layers — review code before you run it.
2026.3.19 · vk977epbvsqtqbjywge0erq849n836cdm · latest
