Skill v1.0.0
ClawScan security
bib-verify · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 16, 2026, 9:34 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose matches its instructions, but it asks you to install and run third‑party Python packages (not provided or pinned) without declaring required binaries or credentials — that gap is risky and unexplained.
- Guidance: This is an instruction-only skill that tells you to install and run external Python packages not included in the bundle. Before installing or running: (1) verify the exact PyPI package names and inspect their source code/release pages; (2) prefer installing in an isolated environment (virtualenv or container) and pin specific package versions; (3) be aware the tool will make network requests to CrossRef/arXiv/DBLP and may require LLM-related credentials depending on `litellm` usage — confirm what credentials (if any) are needed and why; (4) if you cannot review the packages' code, treat the operation as higher risk and consider asking the publisher for the implementation or a signed release.
Review Dimensions
- Purpose & Capability
- note: The SKILL.md describes verifying .bib entries against CrossRef, arXiv, and DBLP, which is coherent with the skill name and description. However, the manifest declares no required binaries while the runtime instructions assume a Python runtime and pip (e.g., `python -m ...`, `pip install ...`), an inconsistency the publisher did not declare.
- Instruction Scope
- concern: The runtime instructions direct the agent/user to install and execute a Python module (`cookbooks.paper_review`) that is not included in the skill bundle. Running that module will execute arbitrary third‑party code and network queries; the SKILL.md does not show the implementation or indicate what the module does beyond high‑level behavior.
- Install Mechanism
- concern: There is no formal install spec in the registry. The README suggests `pip install py-openjudge litellm`, which instructs installing packages from PyPI (or another index) at runtime. Those packages are not pinned to versions nor provided, so you would be pulling and running external code without an audit trail.
- Credentials
- note: The skill declares no required environment variables or credentials (CrossRef email is optional). However, one dependency is `litellm`, which may require LLM API credentials or network access depending on configuration; the SKILL.md does not declare these requirements or how secrets (if any) are used.
- Persistence & Privilege
- ok: The skill does not request permanent presence (always:false) and does not declare modifications to other skills or system settings.
