Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Google Scholar Search Skill

v0.1.0

Search academic papers on Google Scholar with keyword, author, and year filters, plus access author profiles and export results in JSON format.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name and description match the included python implementation: requests + BeautifulSoup for scraping scholar.google.com and the scholarly library for author profiles. Required capabilities (network access and HTML parsing) align with the stated purpose; no unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md and README instruct only web scraping of Google Scholar and using the scholarly library for author metadata. The runtime instructions do not ask the agent to read unrelated local files, environment variables, or exfiltrate secrets. The SKILL.md explicitly notes Google Scholar has no official API and that scraping may be blocked.
Install Mechanism
Registry has no formal install spec (instruction-only), but the README provides multiple optional install methods. Two items to watch: (1) a recommended 'curl -LsSf https://astral.sh/uv/install.sh | sh' to install 'uv' — piping a remote shell script to sh carries risk if you don't trust that host; (2) the one-click 'npx skills add https://github.com/...' suggestion may execute tooling that fetches remote code. The Python dependencies themselves (requests, beautifulsoup4, scholarly) are standard and declared in requirements.txt.
Credentials
The skill declares no required environment variables, no secrets, and no config paths. The code does not attempt to access system credentials or unrelated environment values. Network access to scholar.google.com is required and appropriate for the stated purpose.
Persistence & Privilege
The skill does not request always:true or any elevated/always-present privilege. It does not modify other skills or system-wide settings. It appears to operate as a user-invoked CLI/skill.
Assessment
This skill appears internally consistent with its stated goal of scraping Google Scholar and using the scholarly library for author data. Before installing: (1) avoid blindly running remote install commands (e.g., 'curl | sh' or arbitrary 'npx' commands) unless you trust the source — download and inspect scripts first; (2) install and run the Python code inside a virtualenv or container; (3) be aware that scraping Google Scholar can be blocked and may violate Google’s terms of service — consider using Semantic Scholar or PubMed APIs for stable access; (4) note references to Sci-Hub in the README (potential legal/copyright concerns) and decide if you want that linked functionality; (5) if you plan to use the 'scholarly' dependency, verify its behavior and network endpoints; and (6) verify the repository/author provenance (the README points at a GitHub user) before trusting remote install suggestions. These precautions would reduce risk if you choose to install and run this skill.

Like a lobster shell, security has layers — review code before you run it.
