ClawHub

Semanticscholar Skill

v0.3.0

Use when searching academic papers, looking up citations, finding authors, or getting paper recommendations using the Semantic Scholar API. Triggers on queri...

0· 49·0 current·0 all-time
byAgents365.ai@agents365-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match what the code does: s2.py implements Semantic Scholar graph/recommendation/author/paper search functions. The SKILL.md and README ask for python3 and the Semantic Scholar API key, which aligns. Minor mismatch: the runtime requires the third-party Python package 'requests' (mentioned in SKILL.md/README) but the registry metadata only lists python3 and S2_API_KEY — this is a small metadata omission, not a functional mismatch.
Instruction Scope
Runtime instructions are explicit: write a single Python script that imports s2.py and run it once; they direct no broad system access, no reading of unrelated files, and only use the S2 API endpoints. The SKILL.md instructs writing a temp script (e.g., /tmp/s2_search.py) and importing s2 from the skill directory; this is scoped to the skill's purpose.
Install Mechanism
There is no automated install spec (lower-risk). The repo/README instructs cloning the GitHub repo (git clone) and installing 'requests' with pip; that's expected for a Python helper but implies you should trust the upstream GitHub content before cloning/executing. No downloads from untrusted URLs or obscure hosts are present in the package files shown.
Credentials
Only S2_API_KEY (optional for higher rate limits; skill works unauthenticated with stricter limits) is requested and used. The code reads only that environment variable for the x-api-key header. No other credentials, secrets, or unrelated env vars are required.
Persistence & Privilege
The skill is not marked always:true and uses normal agent invocation. agents/openai.yaml sets allow_implicit_invocation: true (platform UI hint that the skill may be suggested automatically), which is not inherently dangerous but means the skill can be suggested/triggered by the agent when users mention papers — this is consistent with its purpose and not excessive.
Assessment
This skill appears to do what it says: it calls Semantic Scholar endpoints using the included s2.py. Before installing or running, (1) review s2.py (it uses the requests library to talk to api.semanticscholar.org and contains rate-limiting/retry logic), (2) install dependencies in a virtual environment (pip install requests) and avoid running arbitrary scripts as root, (3) only supply a Semantic Scholar API key you control (S2_API_KEY); treat it like any API secret, and (4) if you clone the GitHub repo, inspect the files locally before executing any Python scripts. The registry metadata omits the 'requests' pip dependency — ensure you install it. If you want additional assurance, run the helper in an isolated environment or container.

Like a lobster shell, security has layers — review code before you run it.

latestvk976m1a3m60086ppsmc9xgh8tx84f2gm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis
Binspython3
EnvS2_API_KEY

Comments