Skill v1.0.3
ClawScan security
scholar-paper-downloader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 8:21 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The package's code and docs largely match a paper-downloader tool, but there are a few inconsistencies and safety-relevant choices (explicit Sci‑Hub guidance, a truncated/buggy file, and minor metadata inconsistencies) that you should review before installing or running it.
- Guidance
- What to consider before installing or running this skill:
  - Coherence: The code matches the described purpose (searching and downloading open academic PDFs). It does not request secrets or system privileges.
  - Legal/ethical: The skill generates manual download guides that explicitly list Sci‑Hub mirror URLs and step‑by‑step instructions. If you must comply with your institution or local law, remove or edit those guide templates before use.
  - Code quality: One bundled script (enhanced_downloader.py) appears truncated/buggy near the end; this could cause crashes or unexpected behavior. Inspect that file (and run tests) before using at scale.
  - Installation: There is no automatic installer; you should create an isolated Python environment and pip install scripts/requirements.txt before running. Run first with a small query and a disposable output directory to observe behavior.
  - Network & file safety: The tool makes outgoing HTTP requests to public academic sites and writes PDF and Markdown files locally. Run it on a machine or container where network access and file writes are acceptable.
  - Audit: If you plan to use it regularly, review the code for any logging/network endpoints you don't expect, remove Sci‑Hub references if you don't want to see them, and fix the truncated script.
  - If you want, I can point to the exact lines that reference Sci‑Hub, show the truncated portion of enhanced_downloader.py, or create a sanitized version of the manual download template that omits Sci‑Hub links.
Review Dimensions
- Purpose & Capability
- note: Name, description, SKILL.md and the included Python modules align: searching arXiv/PubMed/PMC/Semantic Scholar and downloading/opening PDFs is exactly what the code implements. The skill does not request credentials or unusual system access. Note: the docs and scripts explicitly generate manual download guides that point users to Sci‑Hub mirrors (manual guidance, not automated use), which is a legal/ethical concern though consistent with the stated 'manual download guide' feature.
- Instruction Scope
- concern: SKILL.md tells the agent to run local Python scripts (batch_downloader.py, doi_query.py, etc.); those scripts perform network requests and write files under an output directory, which is expected. However: (1) manual_download_guide and enhanced_downloader create guides recommending Sci‑Hub mirror URLs (the skill claims to avoid automated infringement but actively provides step‑by‑step instructions for a circumvention site); (2) one included script (enhanced_downloader.py) is truncated/contains a likely coding error near the end ('guide_file = s…'), indicating packaging corruption or a bug that could crash at runtime. The instructions are otherwise specific (not open‑ended) and reference only local paths and public academic sites/APIs.
- Install Mechanism
- note: There is no install spec provided in the skill metadata (no automatic installer), but a requirements.txt is included and the README suggests using pip to install dependencies. That means nothing will be auto‑downloaded by the platform, but users running locally will need to pip install dependencies. The requirements list only common libraries (arxiv, requests, BeautifulSoup, pymupdf, etc.); no suspicious remote install URLs or extract-from-URL steps. Because the skill includes code files, verify the code locally rather than relying on an automated install step.
- Credentials
- ok: The skill declares no required environment variables or credentials and the code does not try to read secrets or unexpected config paths. Some optional integrations referenced (e.g., Google Scholar via SerpAPI) require external API keys, but those are not declared or required by default. Overall requested environment access is proportionate to the stated purpose.
- Persistence & Privilege
- ok: The skill does not request always:true, does not persistently modify other skills or global agent settings, and only writes files to user-specified output directories. No privileged persistence behavior was observed in the SKILL.md or the code.
