academic-talon(学术利爪)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed academic research helper, but it should be used with trusted GROBID, Zotero, and private-network PDF-server settings.

Install only if you are comfortable with the skill downloading PDFs, sending PDFs to your configured GROBID service, writing to your Zotero library, and storing PDFs/XML cache locally. Use a local or trusted private GROBID endpoint, use a limited Zotero API key, pin dependencies in your own environment, and keep the PDF server bound to localhost or a trusted private network rather than the public internet.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Tainted flow: 'grobid_url' from os.getenv (line 247, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
'consolidateCitations': '1'
            }
            # Set timeout to 5 minutes
            response = requests.post(grobid_url, files=files, data=data, timeout=300)
        
        print(f"Grobid response status code: {response.status_code}")
Confidence
88% confidence
Finding
response = requests.post(grobid_url, files=files, data=data, timeout=300)

Tainted flow: 'params' from os.getenv (line 272, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
}
    
    try:
        res = requests.get(url, params=params, timeout=30)
        res.raise_for_status()
        data = res.json()
Confidence
90% confidence
Finding
res = requests.get(url, params=params, timeout=30)

Vague Triggers

Medium
Confidence
76% confidence
Finding
Overly broad trigger guidance can cause the agent to invoke this skill for generic research requests where users did not intend network searches, PDF downloads, external service calls, or Zotero archiving. This expands the chance of unnecessary data sharing and execution of higher-risk actions in benign conversations. In a skill with download, parsing, and serving capabilities, over-invocation materially increases exposure.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger list contains generic phrases such as 'literature review', 'find papers', and 'research papers' that are likely to appear in ordinary user requests. This can cause the skill to activate unintentionally, expanding its access to research, PDF, and Zotero-related actions when the user may not have intended to invoke this specific skill.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Local PDF files are transmitted to the configured GROBID service with no explicit trust boundary enforcement or user-facing consent. In an academic research assistant, PDFs often contain unpublished papers, licensed content, or sensitive annotations, so silent upload to a remote endpoint can cause confidentiality breaches.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Required dependencies
requests
python-dotenv
pyzotero
Confidence
97% confidence
Finding
requests

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Required dependencies
requests
python-dotenv
pyzotero
Confidence
95% confidence
Finding
python-dotenv

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Required dependencies
requests
python-dotenv
pyzotero
Confidence
94% confidence
Finding
pyzotero

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
89% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
71% confidence
Finding
python-dotenv

VirusTotal

64/64 vendors flagged this skill as clean.
