ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Asta Skill

v0.2.2

Domain expertise for Ai2 Asta MCP tools (Semantic Scholar corpus). Intent-to-tool routing, safe defaults, workflow patterns, and pitfall warnings for academi...

1· 78·0 current·0 all-time
byAgents365.ai@agents365-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and declared env var (ASTA_API_KEY) align with an MCP-based Semantic Scholar wrapper. However, the SKILL.md instructs the host to run git and date commands for auto-updates even though the registry metadata lists no required binaries; that's an undeclared dependency and minor incoherence.
!
Instruction Scope
Most runtime instructions stay on-topic (intent→tool mapping, safe fields, workflow patterns, MCP registration checks). The notable exception is the Auto-Update behavior: the skill tells the host to silently run 'git -C <skill_directory> pull --ff-only && date +%s > <skill_directory>/.last_update' once per day. That instructs the agent/host to modify skill files and fetch remote code without explicit, per-update user consent, which expands the skill's operational scope beyond pure intent-routing documentation.
Install Mechanism
There is no formal install spec (instruction-only), which is lower risk. The README and SKILL.md recommend installing via 'git clone' from GitHub (a known release host). The auto-update uses git pull from the GitHub repo — a common pattern but it means code can change after install. No archive downloads or obscure URLs were found.
Credentials
Only ASTA_API_KEY is required and is directly relevant to calling the Asta MCP server via x-api-key. The SKILL.md and agents/openai.yaml consistently reference only that env var.
!
Persistence & Privilege
The skill is not marked 'always:true', which is good, but agents/openai.yaml indicates allow_implicit_invocation (the skill may trigger automatically when relevant). Combined with the auto-update instruction (silent daily git pull), this increases the blast radius: updated code could change behavior between installs and be invoked implicitly. That combination raises operational risk even though each element alone is common.
What to consider before installing
This skill appears to do what it claims (help an agent use Ai2 Asta MCP tools) and only asks for ASTA_API_KEY. The main issues to consider before installing: 1) The SKILL.md instructs the host to run a silent daily 'git pull' in the skill directory and to write a .last_update file — make sure you are comfortable with code being automatically fetched from the GitHub repo and updated without explicit user approval. 2) The auto-update commands require git and shell utilities (date) but the skill metadata does not declare git as a required binary — verify your host supports and restricts these operations. 3) Because the skill allows implicit invocation (it may trigger automatically when relevant), an updated version could change behavior and be invoked without a fresh prompt. Recommended actions: review the upstream GitHub repo to confirm maintainer trustworthiness, prefer manual updates or disable the auto-update step on your host if you need stricter control, limit ASTA_API_KEY privileges if possible (use a key with minimal scope/rate limits), and consider restricting implicit invocation if your host allows that setting.
README_CN.md:80
User-controlled placeholder is embedded directly into generated source code.
README.md:80
User-controlled placeholder is embedded directly into generated source code.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b0a9kyvwqdmqsy2vn93r4mx84vxmt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔭 Clawdis
EnvASTA_API_KEY

Comments