Literature Manager

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its literature-management purpose, but it needs Review because it can automatically use Sci-Hub and persistent cron-monitored agents without enough user control.

Review before installing. Use it only if you are comfortable with automated external paper lookups, and require explicit permission before any Sci-Hub access or cron-monitored sub-agent work. Avoid running audit.sh on untrusted or unusually named directories until path handling is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding
The skill directly instructs downloading paywalled papers from Sci-Hub, a piracy service, and even provides a concrete `curl` example. This is dangerous because it normalizes unauthorized acquisition of copyrighted material and causes the agent to contact a high-risk external service outside legitimate academic access channels.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding
The script explicitly attempts to fetch papers from Sci-Hub, a piracy service that commonly violates publisher terms and may be unlawful in many jurisdictions. In a literature-management skill, this adds an unnecessary high-risk acquisition path that can expose users or operators to legal, policy, and reputational harm, and the embedded comment normalizes its use rather than restricting it.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The script sends user-provided DOI data to external services like NCBI and arXiv without any explicit disclosure, consent flow, or warning that the queried identifier will leave the local environment. While a DOI is not usually highly sensitive, user-supplied URLs or paper targets can still reveal research interests, internal projects, or confidential investigation topics, and the skill context makes such automated outbound sharing plausible and easy to trigger.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding
The comments frame Sci-Hub as an available strategy and only mention legal implications in a permissive way, which encourages risky or policy-violating behavior instead of preventing it. Because this skill is specifically for literature acquisition, such guidance is more dangerous in context: users are likely to rely on the automation path rather than assess legality or organizational policy themselves.

VirusTotal

66/66 vendors flagged this skill as clean.