Literature Review

Audited by ClawScan on May 10, 2026.

Overview

The literature-review functionality is mostly aligned, but the skill forces an external AI figure-generation workflow and has dependency/provenance gaps that should be reviewed before use.

Use this skill only if you are comfortable with external academic database searches and local document generation. Before running it, decide whether you want AI-generated figures, confirm any use of the scientific-schematics workflow, and provide only the API keys or contact email you intentionally want sent to providers.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may invoke an additional AI/image-generation workflow, spend extra time or credits, and share review context outside the main literature-review workflow without an explicit user request.

Why it was flagged

This forces the agent to use another skill and generate external AI figures for every review, even when the user's requested task may not require figures.

Skill content

**⚠️ MANDATORY: Every literature review MUST include at least 1-2 AI-generated figures using the scientific-schematics skill.** ... **This is not optional.**

Recommendation

Make figure generation opt-in or require user confirmation before invoking another skill/provider, and disclose what data will be sent.

What this means

The schematic step may fail, or the agent may try to run a similarly named local/unreviewed script or invoke an undeclared external dependency.

Why it was flagged

The provided manifest lists the included scripts but does not include scripts/generate_schematic.py, so the documented mandatory workflow depends on missing or unreviewed code or on another skill not contained in this package.

Skill content

python scripts/generate_schematic.py "your diagram description" -o figures/output.png

Recommendation

Include and review the referenced helper script, or remove the command and clearly document the external skill/provider with explicit user approval.

What this means

It is less clear which package/version is authoritative, making updates and trust decisions harder.

Why it was flagged

The supplied registry metadata identifies a different owner ID, slug, and version for the evaluated package, which is a provenance inconsistency.

Skill content

"ownerId": "kn70465et53c1486ag0bqptpcn7zj3ng", "slug": "literature-review", "version": "1.2.0"

Recommendation

Publish matching registry and internal metadata before relying on this skill in a controlled environment.

What this means

If those variables are set, the skill may send a service API key or contact email to the relevant academic API provider.

Why it was flagged

The script reads optional API keys and a contact email from the environment for academic-provider requests, while the registry declares no environment variables.

Skill content

S2_API_KEY = os.getenv("SEMANTIC_SCHOLAR_API_KEY") ... OA_API_KEY = os.getenv("OPENALEX_API_KEY") ... USER_EMAIL = os.getenv("USER_EMAIL", os.getenv("CLAWDBOT_EMAIL", "anonymous@example.org"))

Recommendation

Only set provider-specific API keys you intend to use, avoid broad personal environment variables where possible, and declare optional credentials in the skill metadata.

What this means

Private or unpublished research topics used as search queries could be visible to those external services.

Why it was flagged

The literature-search script sends user search queries to multiple third-party academic databases, which is expected for the stated purpose but crosses an external data boundary.

Skill content

S2_BASE_URL = "https://api.semanticscholar.org/graph/v1" ... OA_BASE_URL = "https://api.openalex.org" ... CR_BASE_URL = "https://api.crossref.org/works" ... PM_BASE_URL = "https://eutils.ncbi.nlm.nih.gov/entrez/eutils"

Recommendation

Avoid entering confidential research details unless you are comfortable sending them to the selected academic APIs.