ClawHub

Doi Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward DOI lookup helper that uses curl to query DOI.org and Crossref, with no hidden persistence or privileged behavior found.

Installers should understand that DOI values, search terms, and any optional contact email placed in the User-Agent will be sent to DOI.org or Crossref. Use a public contact alias if adding mailto information; otherwise the skill appears proportionate for DOI metadata lookup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

External Transmission

Medium
Category
Data Exfiltration
Content
disponível:

```bash
curl -sG "https://api.crossref.org/works" \
  -H "User-Agent: OpenClaw doi-search (mailto:<email>)" \
  --data-urlencode "query=<termos>" \
  --data-urlencode "rows=5"
Confidence
79% confidence
Finding
https://api.crossref.org/

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal