Skill v1.0.0
ClawScan security
Academic Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 7:38 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's declared purpose (multi-database academic search and synthesis) aligns with its instructions and files; it is an instruction-only skill with no extra credentials requested and no opaque install steps, though it relies on networked academic APIs and a google-search helper which have operational and rate-limit caveats.
- Guidance: This skill appears internally consistent with its goal of finding and synthesizing academic papers. Before installing, consider: (1) runtime needs — the agent will make outbound web/API requests (arXiv, Semantic Scholar, Google Scholar via a google-search helper) so the agent must have network access; (2) rate limits and robustness — Semantic Scholar has rate limits and benefits from an API key (not required here), and Google Scholar scraping is fragile and may be blocked or violate Google terms; (3) paywalled content — the skill will attempt to locate open-access copies but cannot bypass paywalls; verify any paywalled items through your institution if needed; (4) provenance — the package metadata points to a GitHub repo in package.json/README; if you want stronger assurances, review that upstream repository and the @botlearn/google-search dependency before use; (5) verification — because outputs are API-driven, spot-check returned bibliographic metadata (DOIs, arXiv IDs, venues) when accuracy matters. If you expect heavy or repeated use, consider provisioning a Semantic Scholar API key (to improve rate limits) and be aware of Google Scholar access limitations.
Review Dimensions
- Purpose & Capability (ok): The name/description (Academic Search) matches the SKILL.md and knowledge files: it documents arXiv, Semantic Scholar, and Google Scholar query strategies, citation analysis, deduplication, and synthesis. The dependency on @botlearn/google-search is declared in manifest/package.json and is consistent with the stated intent to route Google Scholar queries via a helper. There are no unrelated environment variables, binaries, or config paths requested.
- Instruction Scope (note): The SKILL.md instructs the agent to execute parallel searches against arXiv, Semantic Scholar, and Google Scholar and to follow multi-step screening, deduplication, and citation-graph analysis. That scope is coherent with the stated purpose. Notes of operational relevance: (1) Google Scholar has no official public API and the skill relies on a google-search helper (declared) for Scholar queries — this is fragile and may trigger blocking or ToS issues; (2) the Semantic Scholar usage assumes API access but does not declare or require an API key (Semantic Scholar allows limited unauthenticated requests but higher-rate access requires a key); (3) instructions call out visiting author homepages and external links to find open-access copies, which is expected but means the agent will access arbitrary external URLs.
- Install Mechanism (ok): There is no install spec and no code will be downloaded/executed by the platform beyond reading the SKILL.md and bundled documentation. This is the lowest-risk install posture. The package manifests and README reference an upstream repo, but nothing in the skill attempts to fetch or run external archives during install.
- Credentials (note): The skill requests no environment variables, credentials, or config paths, which is proportionate. Practical caveat: Semantic Scholar and some scraping helpers can operate unauthenticated at reduced rates — if higher throughput is needed the agent or user might add a Semantic Scholar API key later, but that is not required by this package. No secrets are requested up front, which aligns with the skill's described behavior.
- Persistence & Privilege (ok): always:false and no special system-level persistence is requested. disable-model-invocation is false (default), meaning the skill can be invoked by the agent autonomously — this is platform default and not flagged alone. The skill does not request modifying other skills or system settings.
