Skill v2.1.4

ClawScan security

Pubmed Verifier · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 20, 2026, 4:17 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The package is largely consistent with a PubMed/Crossref citation verifier (it reads files, queries PubMed/Crossref, and caches results), but small provenance/version mismatches and undocumented filesystem behavior warrant caution and a quick code review before use.
Guidance
This package appears to implement what it claims: it scans files you point it at, queries PubMed (and optionally Crossref), and stores results in a local SQLite cache (~/.cache/pubmed-verifier/cache.db). Before installing or running it: 1) review scripts/verify_pmids.py (already included) to confirm there are no unexpected network endpoints or file operations beyond the documented cache and report outputs; 2) note the provenance/version mismatches (README/skillhub-meta.json vs registry metadata) — if origin matters, try to confirm the author/source; 3) run it on a non-sensitive sample directory first (or in an isolated environment/container) so it can't accidentally read secrets; 4) if you need to avoid local persistence use the --no-cache option or delete the cache file after use; 5) do not run as root. If you want higher assurance, ask the publisher for a signed release or review the full code to ensure there are no hidden exfiltration paths.

Review Dimensions

Purpose & Capability
note: The skill's name/description (batch PubMed citation verifier) align with the included code and SKILL.md: the script queries PubMed E-utilities, optionally Crossref, performs fuzzy matching, and outputs reports. Minor inconsistencies: skillhub-meta.json lists version 1.1.0 while registry metadata lists 2.1.4, and README/install instructions reference an owner slug (docsor1212) while the registry owner ID differs. These provenance/version mismatches don't break functionality but reduce confidence in origin/maintenance.
Instruction Scope
note: SKILL.md and the script instruct scanning project directories and parsing citation context from files (.html, .md, .txt, .json, .htm). That behavior is expected for the stated purpose. It will read user files in the specified --source path and auto-parse surrounding text. It also writes a local SQLite cache (~/.cache/pubmed-verifier/cache.db); this cache path is mentioned in docs but not declared as a required config path in the registry metadata (minor mismatch). Network calls go only to PubMed (eutils.ncbi.nlm.nih.gov) and Crossref (api.crossref.org) as expected.
Install Mechanism
ok: No install spec (instruction-only skill), and the code uses only the Python standard library. There is no third-party package download or remote installer. This is low-risk from an installer/extract perspective.
Credentials
ok: The skill requests no environment variables and no credentials, and the code operates using public APIs (no API key required for basic PubMed queries). The documentation mentions optional API key support for higher PubMed rate limits, but the included code does not appear to require secrets to operate. The only notable resource access is writing a local SQLite cache under the user's home directory.
Persistence & Privilege
note: The skill does not request elevated platform privileges and 'always' is false. It will create a local cache file (~/.cache/pubmed-verifier/cache.db). It does not appear to modify other skills or system-wide settings. Persisting a cache in the home directory is reasonable for performance, but users should be aware of that local write.