Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Paper review pro

v1.0.0

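High-precision paper retrieval and review system, supporting multi-source search, intelligent filtering, structured summaries, BibTeX export, CCF ranking, and composite scoring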

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill's name/description (multi-source paper retrieval, summarization, BibTeX export, CCF ranking) match the included code and modules (arXiv/Semantic Scholar search, summarizer, bibtex, scoring). However the code accesses global OpenClaw config (~/.openclaw/openclaw.json) and several environment variables (OPENCLAW_GATEWAY_TOKEN, DASHSCOPE_API_KEY, DASHSCOPE_MODEL, HF endpoints) that are not declared in the skill metadata or SKILL.md as required secrets — this is disproportionate to the claimed purpose because it reaches into user/global configuration for credentials.
! Instruction Scope
Runtime instructions tell the agent to run local scripts (config.py, review.py). The code performs web requests (arXiv API + fallback scraping, Semantic Scholar API), calls LLM endpoints (OpenClaw Gateway or Dashscope) and will send prompts and paper text to those endpoints. It also attempts to read ~/.openclaw/openclaw.json for a gateway token and uses environment variables not documented in requires.env. Additionally, review.py sets HF_ENDPOINT and HF_HUB_ENDPOINT at module import time (unconditional assignment), which is out-of-band behavior relative to the SKILL.md instructions.
Install Mechanism
There is no install spec (instruction-only), and code files are present but nothing in the manifest indicates additional binary downloads; this is lower install risk. However, the skill will execute networked Python code when run (no sandboxing implied).
! Credentials
The skill metadata declares no required env vars, but the code reads/writes multiple env vars and config locations: it unconditionally sets HF_ENDPOINT and HF_HUB_ENDPOINT, reads OPENCLAW_GATEWAY_TOKEN (and ~/.openclaw/openclaw.json) and may use DASHSCOPE_API_KEY and DASHSCOPE_MODEL. Accessing a global OpenClaw auth token or an API key from the user's home config is sensitive and not justified in SKILL.md; those are effectively undeclared credential accesses.
! Persistence & Privilege
always is false (good), and the skill does not request permanent platform-level privileges. However it attempts to read the platform-level OpenClaw config (~/.openclaw/openclaw.json) which may contain gateway auth tokens belonging to the user's environment or other skills. Also review.py modifies HF-related environment variables for the running process, which can affect other code in the same environment.
What to consider before installing
This skill appears to implement the advertised review/search features, but it quietly reads global OpenClaw config (~/.openclaw/openclaw.json) and environment variables (possible gateway/API tokens) and sets HF endpoint env vars without declaring them. Before installing or running:
1) inspect ~/.openclaw/openclaw.json and remove or rotate any sensitive tokens if you don't want them used;
2) run the skill in an isolated environment (dedicated VM or container) if you are worried about credential exposure or HF endpoint overrides;
3) if you don't need LLM features, run with --no-llm and/or disable network access to reduce risk;
4) review the code paths that call external LLM gateways (expansion.py) and the lines that set HF_ENDPOINT/HF_HUB_ENDPOINT in review.py;
5) consider enabling only explicit environment variables you control (set OPENCLAW_GATEWAY_URL and token) rather than allowing the skill to read global config.
If needed, ask the author to declare the required env/config in SKILL.md and to avoid reading other skills' or global configs.

Like a lobster shell, security has layers — review code before you run it.
