ClawHub
Back to skill
v1.1.1

aminer-free-search

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:15 AM.

Analysis

This is a coherent AMiner academic search skill that uses a declared AMiner API key and read-oriented free API calls, with no artifact evidence of hidden code, exfiltration, persistence, or destructive behavior.

GuidanceThis skill appears safe to install for AMiner free-tier academic lookup. Before using it, understand that your search terms will go to AMiner and that it needs an AMiner API key; store the key securely and use the skill mainly for lightweight paper, scholar, institution, venue, and patent searches.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
SeverityLowConfidenceHighStatusNote
SKILL.md
ACADEMIC PRIORITY: Activate this skill whenever the user's query involves any academic or research-related topic.

This is broad invocation guidance that may cause the agent to consider the skill for many academic queries, although later instructions constrain it to AMiner free-tier lookup use cases.

User impactThe agent may route more academic questions through this AMiner-search workflow than the user expected.
RecommendationUse this skill when you actually want AMiner-based academic lookup or screening, and prefer not to invoke it for general academic reasoning or writing tasks.
Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Use direct `curl` calls by default. A Python wrapper is not required for this skill.

The skill instructs the agent to make direct HTTP API calls using user-provided search terms. This is central to the skill's purpose and the documented endpoints are read-oriented, but users should recognize that queries are being sent to an external service.

User impactAcademic titles, names, institutions, venues, or patent keywords entered by the user may be transmitted to AMiner during searches.
RecommendationAvoid submitting confidential research topics or private names unless you are comfortable sending them to AMiner; review generated curl commands if the input contains unusual shell characters.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
Before making any API call, verify that the environment variable `AMINER_API_KEY` exists. Never output the token in plain text.

The skill requires an AMiner API key and uses it for authorization. This credential requirement is disclosed and purpose-aligned, with an instruction not to print the token.

User impactThe skill can authenticate to AMiner as the user, so API usage may be associated with the user's AMiner account or quota.
RecommendationUse an AMiner key intended for this purpose, keep it in an environment variable rather than pasting it into chat when possible, and rotate it if it is exposed.