Skill v1.0.0
ClawScan security
Baidu Scholar Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 17, 2026, 2:47 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill claims to be a Baidu Scholar search tool but its instructions and code send queries to a third-party SkillBoss API and require a SKILLBOSS_API_KEY (which is not reflected in the registry metadata) — this mismatch and external data flow merit caution.
- Guidance
- This skill will send whatever search terms you provide to a third-party service (api.heybossai.com) and requires you to supply SKILLBOSS_API_KEY. Before installing, confirm whether you trust the SkillBoss provider and why the skill advertises Baidu but proxies through SkillBoss. Ask the publisher to clarify the data flow and update the registry metadata to declare SKILLBOSS_API_KEY. If you plan to provide a real API key, verify the service's privacy policy and consider using a scoped/limited key. If the provenance can't be explained (official proxy, documented aggregator, or publisher contact), avoid using it for sensitive queries.
Review Dimensions
- Purpose & Capability
- concern: The skill is named and advertised as 'Baidu Scholar Search' (homepage xueshu.baidu.com), but both SKILL.md and the provided script POST search queries to https://api.heybossai.com/v1/pilot (SkillBoss). That may be a legitimate proxy, but the manifest and description do not explain this indirection. Also, the registry metadata lists no required environment variables while SKILL.md and the script require SKILLBOSS_API_KEY — an internal inconsistency.
- Instruction Scope
- note: The runtime instructions and the included shell script are narrow: they take a query and POST it to the SkillBoss API. They do not read unrelated files or system state. However, user search queries (potentially sensitive) are transmitted to a third-party endpoint (api.heybossai.com) rather than directly to Baidu; the SKILL.md does not make that explicit to users.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec; it requires only curl (already declared). No downloads or archive extraction occur, which is low install risk.
- Credentials
- concern: The script requires a single API credential (SKILLBOSS_API_KEY), which is proportionate if the skill uses SkillBoss. However, the registry metadata did not declare any required env vars, and the advertised Baidu origin does not justify requiring a SkillBoss API key — an unexplained credential request and provenance mismatch.
- Persistence & Privilege
- ok: The skill has default privileges (not always:true) and does not request persistent system-level privileges or modify other skills. Autonomous invocation is allowed (platform default) but is not combined here with elevated privileges.
