Skill v1.1.2
ClawScan security
wos-literature-toolkit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 7, 2026, 5:36 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions say to run a local Selenium-based web UI and save cookies and PDFs, but the package contains only SKILL.md and no runnable code or install spec, which is an important incoherence and risk signal.
- Guidance: Do not run or trust this skill as-is. The SKILL.md refers to scripts (e.g., scripts/web_ui.py) and behaviors (browser automation, cookie persistence, downloading from Sci-Hub/publishers) but the published package contains only the instructions file. Ask the publisher for the actual code and a trustworthy source (repository or release tarball). Before running any downloaded code, review the code so you know where cookies and credentials are saved, whether external downloads are fetched at runtime (and from which URLs), and how errors/logs are handled. Be aware that using Sci-Hub may be illegal in your jurisdiction and that automated crawling of institutional WOS accounts can violate terms of service. If you decide to test, do so in an isolated VM/container, with a throwaway WOS account (if allowed), and after code review or provenance verification.
Review Dimensions
- Purpose & Capability (concern): The description promises a Selenium-based web UI script (scripts/web_ui.py) that crawls Web of Science and calls multiple PDF download channels. However the published bundle contains no code files and no install spec. The claimed capabilities (running a Python web UI, controlling Edge via Selenium, contacting Sci-Hub/CORE/Unpaywall/etc.) cannot be implemented by this package as published, which is internally inconsistent.
- Instruction Scope (concern): SKILL.md explicitly instructs the agent/user to run a local Python script that will open a browser, perform automated login/crawling against WOS, persist cookies, and fetch PDFs from multiple external sources (including Sci-Hub). Those actions involve browser control, credential use, cookie storage, and network calls to third-party sites — but the skill does not provide the code to perform them or specify where cookies/files are stored. The instructions also implicitly request the user to supply WOS credentials and to allow automated browsing, which should be made explicit and scoped.
- Install Mechanism (concern): There is no install specification and no code files — normally low risk — but given the runtime instructions require installing Python packages and running a local script, the absence of any shipped code or install mechanism is an incoherence. It's unclear whether essential code is missing from the published bundle or expected to be fetched from an external source at runtime (which would be higher risk).
- Credentials (concern): The skill requests no environment variables, which matches the metadata, but requires the user to have a WOS account and Edge browser and promises to persist cookies and write PDFs. The SKILL.md does not declare any config paths or storage locations for cookies or outputs, so there is a mismatch between claimed persistence behavior and declared requirements. Also the use of Sci-Hub and other academic mirror/downloader services is expected for the stated purpose but raises legal/ethical considerations the user should understand.
- Persistence & Privilege (ok): The skill is not marked 'always: true' and allows user invocation only, which is appropriate. Cookie persistence and file output are normal for this functionality, but the skill does not declare where or how those artifacts are stored — that is a transparency/consent issue but not a manifest privilege misconfiguration.
