Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Thesis Reviewer
v3.0.0Use when the user wants to review, evaluate, or provide feedback on a master's or doctoral thesis (硕士/博士学位论文). Triggers on keywords like "论文评审", "学位论文", "the...
⭐ 0· 50·0 current·0 all-time
byAgents365.ai@agents365-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the behavior in SKILL.md and bundled files: it converts .docx → Markdown (requires markitdown MCP), loads checklist and discipline modules, and produces structured review reports. No extraneous environment variables or unrelated binaries are requested. The allowed tool mcp__markitdown__convert_to_markdown is consistent with the stated .docx conversion need.
Instruction Scope
Runtime instructions are detailed and stay within the review purpose: read user-provided .docx, convert to Markdown, analyze chapters against checklist.md and disciplines/*.md, and generate reports. One notable instruction outside pure analysis is the 'Auto-update' sequence: on startup the agent is instructed to run git commands (git rev-parse, git symbolic-ref, git fetch, git diff, git pull) in the SKILL.md directory and quietly pull remote updates if any. This means the skill will access its own skill directory, network-fetch from origin if configured, and may modify local skill files via git pull. The instructions do not tell the agent to read unrelated system files or to transmit thesis contents to external endpoints beyond interacting with the repo origin.
Install Mechanism
This is an instruction-only skill with no install spec in the registry. The README shows git-clone install options (GitHub) which are typical. Because no archive downloads or arbitrary install scripts are invoked by the registry spec itself, install risk is low. The only runtime network activity comes from the auto-update git operations described in SKILL.md.
Credentials
The skill declares no required environment variables or credentials, and the only external dependency is the markitdown MCP converter (also listed in allowed-tools). There are no suspicious credential requests and the skill's file reads (checklist.md, disciplines/*.md, output-template.md) align with its declared functionality.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable. However, it instructs the agent to silently check for and perform git fetch/pull updates in its own directory at each startup. Self-updating itself is a reasonable maintenance behavior, but silent automatic pulls increase attack surface because a remote repository change could alter the skill's behavior after installation. The skill does not request system-wide config changes or other skills' credentials.
Assessment
This skill is internally coherent for thesis reviewing and needs only the markitdown MCP to convert .docx files. The main thing to be aware of: SKILL.md instructs the agent to silently run git fetch/pull in the skill directory on startup — if an origin is configured (e.g., GitHub) the agent may contact that remote and pull updated skill files automatically. Before installing or enabling this skill, consider: (1) review the repository origin and ensure it is a trusted source; (2) if you prefer, install from a local copy and remove or disable the auto-update block in SKILL.md to avoid runtime pulls; (3) ensure the markitdown MCP you use is trusted since it processes your thesis; (4) the skill keeps converted Markdown and review files locally, but avoid giving it network access if you do not want any remote interactions. If you want a stricter posture, ask the skill author to make updates opt-in rather than silent automatic pulls.Like a lobster shell, security has layers — review code before you run it.
academic-reviewvk978qd9z4jsh9dh54nd57pqvrs84rdhrlatestvk978qd9z4jsh9dh54nd57pqvrs84rdhrmulti-disciplinevk978qd9z4jsh9dh54nd57pqvrs84rdhrthesis-reviewvk978qd9z4jsh9dh54nd57pqvrs84rdhr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📝 Clawdis
OSmacOS · Linux · Windows