Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
hxxra
v1.2.0
Research Assistant skill to search, download, and analyze research papers via APIs, and save the results to Zotero collections using Python scripts and LLM analysis.
⭐ 2 · 1.2k · 0 current · 0 all-time
by 货又星 (@cxlhyx)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to be a research assistant (search, download, analyze, save to Zotero). That purpose reasonably requires Zotero and LLM credentials and network access. However, the registry metadata declares no required environment variables or primary credential while the included config.json and scripts clearly expect Zotero API keys and an LLM (OpenAI) API key. This is an internal inconsistency: a user installing based on the registry info would not be warned that secrets are needed.
Instruction Scope
SKILL.md and scripts instruct network operations (arXiv API, Google Scholar via scholarly, downloading PDFs, calling an LLM API, and saving to Zotero). The runtime instructions and code also read a config.json and environment variables (ZOTERO_API_KEY, ZOTERO_USER_ID/GROUP_ID, ZOTERO_GROUP_ID, and OpenAI-related values) and will write downloaded PDFs, analysis.json files, and logs into a workspace. The code also modifies proxy environment variables (ALL_PROXY/all_proxy -> socks5://) which is out-of-band relative to a simple 'search/download' description. These file I/O and env manipulations are within the tool's stated goal, but they are not declared in the registry metadata and the proxy change is noteworthy.
Install Mechanism
No install spec in registry (instruction-only), but SKILL.md and the script list pip dependencies (scholarly, pymupdf, pdfplumber, openai). There are no external download URLs or archive installs in the package. Dependency installation via pip is typical, but users should review which packages will be installed and their trustworthiness.
Credentials
The code requires Zotero API credentials and a user_id or group_id (or it raises an error) and expects an LLM API key (OpenAI) via config.json or env vars. Registry metadata declared no required env vars — this is a mismatch. The script also reads/modifies proxy-related env variables which could change network routing. Asking for API keys for Zotero and an LLM is proportionate to the stated functionality, but the omission from the declared requirements is misleading and increases risk of accidentally supplying broad credentials without realizing it.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes files into a workspace and logs, which is expected for this kind of tool. It does not appear to modify other skills or global agent configuration.
What to consider before installing
This package contains a real Python script that will perform network operations (arXiv, Google Scholar scraping, PDF downloads), call an LLM (OpenAI), and save items to Zotero. Important points before installing or using:
1) The registry says no credentials are required, but the code needs a Zotero API key and user/group id and an OpenAI API key (from config.json or environment variables). Do not supply those credentials unless you trust the source.
2) Review and edit the included config.json so it does not contain real secrets; prefer environment variables set only at runtime in an isolated environment.
3) The tool alters proxy environment variables (ALL_PROXY/all_proxy -> socks5://) — be aware this may change how your agent routes network traffic.
4) Google Scholar scraping can trigger rate-limiting or violate terms; the tool may attempt to use proxies.
5) Run the script in an isolated VM/container or with network restrictions if you want to limit blast radius.
6) If you will not use the Zotero or LLM features, avoid running the 'save' or 'analyze' commands and remove/clear API keys in config.json.
In short: the functionality aligns with a research assistant, but the missing credential declarations and environment manipulation are misleading — proceed only after inspecting/adjusting config.json and understanding which secrets you will provide.
latest: vk979ntbkrgst3qctdehdp74hb182pnbd
