Skill v1.0.0
ClawScan security
paper-review · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 16, 2026, 9:18 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match a paper-reviewer tool but the bundle is instruction-only (no code), it asks for model API keys and pip installs that are not declared in the registry, and the pipeline will send full paper content to external model providers — verify packages and keys before use.
- Guidance: This skill is plausible for reviewing papers, but exercise caution before using it: (1) It requires model API keys (e.g., OPENAI_API_KEY / ANTHROPIC_API_KEY) though the registry didn't declare them — the keys will allow external model providers to receive your paper content. (2) SKILL.md asks you to pip install third-party packages (py-openjudge, litellm, pypdfium2); install them only in an isolated virtualenv and inspect their source or PyPI page first. (3) No code is bundled with the skill — the instructions expect external software. If you plan to review unpublished/confidential papers, do not provide API keys or upload files until you verify the upstream packages and their privacy policies. Consider asking the publisher/author for a local/offline reviewer tool or requesting the skill author provide source code or a trusted homepage before installing.
- Findings: [no_regex_findings] (expected): The regex-based scanner found nothing to analyze because this is an instruction-only skill with no code files; this is expected but also means there was no code to vet.
Review Dimensions
- Purpose & Capability (note): The name/description (academic paper review) aligns with the runtime instructions (multi-stage review, BibTeX checks). However, the skill is instruction-only and assumes third-party packages (py-openjudge, litellm, pypdfium2) and external model providers; the registry metadata does not declare these dependencies or primary credentials, which is a mismatch between the declared package and what the instructions require.
- Instruction Scope (note): SKILL.md explicitly tells the agent/user to install and run an external Python package (python -m cookbooks.paper_review) and to provide files and API keys. It does not instruct reading unrelated files or system secrets, but it will read the entire paper (PDF or TeX package) and send it to external model APIs for multimodal processing — this is within the stated purpose but has privacy implications for unpublished/confidential papers.
- Install Mechanism (note): There is no install spec in the registry (lowest disk-write risk), but SKILL.md instructs pip installing py-openjudge, litellm, and optionally pypdfium2 from PyPI. Installing arbitrary PyPI packages can execute third-party code on the user's machine — moderate risk. The packages referenced are plausible for the described functionality, but the skill does not bundle or vet them.
- Credentials (concern): Although the tool legitimately needs model API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, etc.), the registry declares no required env vars or primary credential. SKILL.md asks for these keys and for an optional CrossRef email. The mismatch (registry declaring no creds while instructions require sensitive API keys) is a proportionality and transparency concern. Also, providing these keys means user data (paper contents) will be sent to the chosen model provider.
- Persistence & Privilege (ok): The skill does not request always:true, does not require system config paths, and does not modify other skills. It is user-invocable only and does not demand persistent elevated privileges.
