Academic Paper Fetcher

The skill is classified as suspicious due to its interaction with `sci-hub.su`, a domain known for copyright infringement, which introduces inherent supply chain risks (e.g., potential for serving compromised content, though the script only downloads PDFs). Additionally, the `scripts/fetch_paper.py` script allows writing downloaded files to an arbitrary `output_dir` specified via command-line arguments, which could lead to path traversal vulnerabilities if the agent passes untrusted input, despite the `SKILL.md` suggesting a contained path. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence.