Academic Paper Fetcher

Security checks across malware telemetry and agentic risk

Overview

This skill openly downloads PDFs from Sci-Hub and saves them locally, which matches its stated purpose but carries legal, source-trust, and file-write cautions.

Install only if you are comfortable with the skill contacting Sci-Hub, downloading PDFs from that third-party source, and writing files into your workspace. Check applicable legal or institutional rules before using Sci-Hub, open downloaded PDFs with normal caution, and prefer a dedicated output folder such as research/papers/.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill describes network access, local file writes, and likely browser/shell-style automation, but does not declare permissions. Undeclared powerful capabilities reduce transparency and bypass informed consent, making it easier for a seemingly simple DOI helper to perform broader actions in the workspace or over the network than a user expects.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 87%
Finding:
The documented behavior promises constrained saving to research/papers/, PubMed-related retrieval, and clean filenames, but the actual behavior is broader or less constrained. This mismatch is security-relevant because users may trust the documented scope while the implementation can write elsewhere, accept only DOI input, or produce insufficiently sanitized filenames, increasing the chance of unsafe file placement or operator confusion.

Context-Inappropriate Capability

Medium
Confidence: 78%
Finding:
The skill uses an external subprocess (`curl`) to perform network access on user-influenced input instead of handling requests in-process. This increases the trust boundary and makes it harder to enforce safe URL validation, timeouts, output handling, and execution policy; in an agent environment, spawning subprocesses is often a meaningful security and containment concern.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The skill description does not clearly warn that invoking it automatically downloads content from an external site and writes PDFs into the workspace. In an agent setting, missing disclosure can cause unanticipated network access and persistent file creation, which is especially risky because the source is Sci-Hub and the action is automatic rather than user-confirmed.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The script contacts Sci-Hub and writes downloaded content to disk without any consent prompt, policy check, or warning about privacy, legal, and system implications. In an agent/skill context, automatic external fetching and file writes based on user input can expose the environment's IP/user-agent, retrieve untrusted content, and create compliance and operational risk.

VirusTotal

64/64 vendors flagged this skill as clean.
