Skillv0.3.0

ClawScan security

Semanticscholar Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 8, 2026, 5:59 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and requested environment variable (S2_API_KEY) are consistent with a Semantic Scholar search helper; nothing obvious or disproportionate is requested or installed.
Guidance: This skill appears to do what it says: it calls Semantic Scholar endpoints using the included s2.py. Before installing or running, (1) review s2.py (it uses the requests library to talk to api.semanticscholar.org and contains rate-limiting/retry logic), (2) install dependencies in a virtual environment (pip install requests) and avoid running arbitrary scripts as root, (3) only supply a Semantic Scholar API key you control (S2_API_KEY); treat it like any API secret, and (4) if you clone the GitHub repo, inspect the files locally before executing any Python scripts. The registry metadata omits the 'requests' pip dependency — ensure you install it. If you want additional assurance, run the helper in an isolated environment or container.

Review Dimensions

Purpose & Capability: noteName/description match what the code does: s2.py implements Semantic Scholar graph/recommendation/author/paper search functions. The SKILL.md and README ask for python3 and the Semantic Scholar API key, which aligns. Minor mismatch: the runtime requires the third-party Python package 'requests' (mentioned in SKILL.md/README) but the registry metadata only lists python3 and S2_API_KEY — this is a small metadata omission, not a functional mismatch.
Instruction Scope: okRuntime instructions are explicit: write a single Python script that imports s2.py and run it once; they direct no broad system access, no reading of unrelated files, and only use the S2 API endpoints. The SKILL.md instructs writing a temp script (e.g., /tmp/s2_search.py) and importing s2 from the skill directory; this is scoped to the skill's purpose.
Install Mechanism: noteThere is no automated install spec (lower-risk). The repo/README instructs cloning the GitHub repo (git clone) and installing 'requests' with pip; that's expected for a Python helper but implies you should trust the upstream GitHub content before cloning/executing. No downloads from untrusted URLs or obscure hosts are present in the package files shown.
Credentials: okOnly S2_API_KEY (optional for higher rate limits; skill works unauthenticated with stricter limits) is requested and used. The code reads only that environment variable for the x-api-key header. No other credentials, secrets, or unrelated env vars are required.
Persistence & Privilege: noteThe skill is not marked always:true and uses normal agent invocation. agents/openai.yaml sets allow_implicit_invocation: true (platform UI hint that the skill may be suggested automatically), which is not inherently dangerous but means the skill can be suggested/triggered by the agent when users mention papers — this is consistent with its purpose and not excessive.