ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

EO Workflow: Paper

v1.0.0

学术论文工作流 - 从文献研究到论文发表的完整流程,覆盖论文撰写、格式规范、查重控制

0· 61·0 current·0 all-time
by@467718584
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The description promises end-to-end capabilities (real literature screening, 141-expert pool, automated plagiarism control <10%, memory of supervisor preferences). The package has no install, no code, no required credentials or APIs, and no mechanism for accessing external literature/plagiarism services. It also references templates (templates/paper-template.md, templates/ieee-format.md) that are not present. These claims are disproportionate to what is actually supplied.
!
Instruction Scope
SKILL.md is high-level and prescriptive but contains no concrete runtime steps to perform literature retrieval or plagiarism checking. It suggests calling other EO abilities (eo-ability-*, eo-ability-rag) and an invocation '/dream', but there are no explicit instructions on how those integrations are authorized or executed. The instructions do not request or document any data-handling or external endpoints — meaning the described behaviors are underspecified and likely rely on external plugins not enforced here.
Install Mechanism
No install spec and no code files are present, which minimizes direct disk/network risk. However, the skill references templates that are not included; if those are expected, their absence is an inconsistency to clarify.
!
Credentials
The skill requests no environment variables or credentials while claiming features (real literature access, plagiarism checking, persistent memory across sessions) that typically require API keys, accounts, or plugin access. The absence of declared credentials is inconsistent with the claimed integrations and is a red flag for unsupported or hidden dependencies.
Persistence & Privilege
always is false and no special persistence or system-wide config writes are declared. The skill does not request elevated platform privileges in its manifest.
What to consider before installing
This skill reads like a marketing description rather than an actionable integration. Before installing or using it, ask the publisher to clarify: (1) exactly how 'real literature screening' and 'plagiarism control' are implemented — which services/APIs are called and what credentials are needed; (2) where the referenced templates live (they are not included); (3) which eo-ability plugins are required and whether those plugins have access to external services; (4) what data (draft manuscripts, author metadata) will be sent to third-party services and how privacy is preserved. If you need real plagiarism checks or automated literature retrieval, prefer skills that declare the exact APIs/credentials and include or link to the integration code. If the publisher cannot provide concrete integration details, treat the claims skeptically and avoid sending unpublished manuscripts to the skill until clarified.

Like a lobster shell, security has layers — review code before you run it.

latestvk9720g8phtkcww8xat46p4hsp984djvg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments