Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Literature Daily Report
v1.1.0每日科研文献日报生成与管理。当用户请求生成科研日报、更新文献收集脚本或分析研究趋势时激活。支持:(1) 自动抓取 PubMed/bioRxiv/arXiv 最新文献,(2) 语义筛选 AI/生信/病原/真菌等领域,(3) LLM 智能总结与编辑排版,(4) 中文格式报告输出,(5) Zotero 自动录入,(6)...
⭐ 0· 30·0 current·0 all-time
byFang, Chao@biociao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims no required environment variables or binaries in the metadata, but the SKILL.md asks users to place Zotero credentials in ~/.zshrc and the included script references Zotero and knowledge‑graph helper scripts. Requesting Zotero API keys is consistent with the stated Zotero integration, but the metadata omission (no declared env vars) is an incoherence: the skill actually needs credentials but does not declare them.
Instruction Scope
SKILL.md instructs the agent/script to automatically load environment variables from ~/.zshrc, create reports under ~/.openclaw/workspace, sync to a ClawLib directory, push to a Zotero group (BioCiaoLab default group id), and call a knowledge‑graph CLI (kg.py add). Those actions go beyond simple fetching/summarization because they perform writes and network uploads and rely on other scripts (zotero.py, kg.py) at paths under the workspace. The instructions also tell users to write secrets into ~/.zshrc and promise automatic loading — Python code doesn't automatically source shell rc files, so this is inconsistent and could lead to surprising credential access or accidental exfiltration.
Install Mechanism
This is instruction‑only with a bundled Python script; there is no external install/download step or remote archive. That lowers supply‑chain installation risk. However, the script invokes other local helper scripts (zotero.py, kg.py) via fixed paths which could execute arbitrary code if those helper scripts are present or installed later.
Credentials
The SKILL.md requires sensitive environment variables (ZOTERO_API_KEY, ZOTERO_USER_ID, ZOTERO_GROUP_ID) but the skill metadata did not declare any required env vars or primary credential. The code defaults ZOTERO_GROUP_ID to a specific group id (BioCiaoLab) which means, if the code invokes a Zotero upload helper, collected metadata could be added to that group by default. The script also reads os.environ and may call other scripts that themselves use credentials — overall the credential handling is under‑declared and therefore disproportionate to the metadata.
Persistence & Privilege
The skill is not always:true and does not claim elevated platform privileges. It writes files into the user's workspace and ClawLib directories and calls local helper scripts; these behaviors are within the expected scope for a sync/reporting tool but do require the skill to be allowed file and network access. There's no explicit modification of other skills' configs, but dependence on workspace helper scripts increases the attack surface (those scripts could be swapped to exfiltrate data).
What to consider before installing
Before installing or running this skill: 1) Treat it as requiring Zotero credentials even though the metadata omits them — do not place secrets in ~/.zshrc unless you intend to share them. Prefer setting ZOTERO_API_KEY in a restricted environment and verify how the script reads it. 2) Inspect the full literature_collector.py (and any zotero.py / kg.py it calls) for subprocess calls and network endpoints — those helper scripts (paths under ~/.openclaw/workspace/skills/...) could upload data to external services. 3) Verify the default ZOTERO_GROUP_ID (6489333) — if the script uploads to that group by default, you may be sending items to a third‑party collection. 4) If you want to proceed, run the script in a sandbox or isolated environment first, with minimal credentials and with network access limited, and monitor exactly what network requests it makes. 5) Ask the publisher/owner for provenance (homepage, source repo) or request the skill declare its required env vars and endpoints in metadata; lack of provenance combined with automatic uploading behavior is the primary reason this is suspicious.Like a lobster shell, security has layers — review code before you run it.
latestvk97b192aay4zdvqy1andfnd0m983yydv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.