Security audit

Academic Paper Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed academic search helper that sends user queries to SerpApi and Crossref, with no evidence of hidden persistence, destructive behavior, or unrelated data access.

Use a dedicated SerpApi/SearchAPI key if possible, avoid submitting confidential unpublished research or personal data in queries, and prefer scholar-search.mjs for paper discovery while treating web-search.mjs results as general web evidence that should be verified before citation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: High
Confidence: 96%
Finding:
The implementation uses SerpApi's general Google search engine (`engine=google`) even though the skill is advertised as Scholar-focused academic retrieval. This mismatch can cause the agent to return non-academic web results when users expect paper discovery or source verification, increasing the risk of misleading evidence collection, citation errors, and unsafe downstream reasoning based on low-quality or irrelevant sources.

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding:
The CLI help text presents the tool as a generic web search utility, contradicting the manifest's academic-paper and Google Scholar positioning. This discrepancy makes misuse more likely by operators or higher-level agents, who may rely on it for evidence-oriented research while actually invoking a general web search flow, undermining trust and provenance expectations.

VirusTotal

66/66 vendors flagged this skill as clean.
