Google Scholar Search Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: search Google Scholar and optionally save results, with some normal install and output-file cautions.

Install from a source you trust, avoid copy-pasting remote installer pipelines unless you have reviewed the source, consider pinning dependencies, and save --output files to a dedicated non-critical location. Search queries and author lookups are sent to Google Scholar or related libraries, so avoid private or sensitive research terms if that matters.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (2)

External Script Fetching

Low

Category: Supply Chain
Content: ```bash # Install uv (if not already installed) curl -LsSf https://astral.sh/uv/install.sh | sh # Create virtual environment and install dependencies cd ~/.claude/skills/google-scholar-search-skill
Confidence: 94% confidence
Finding: curl -LsSf https://astral.sh/uv/install.sh | sh

Chaining Abuse

High

Category: Tool Misuse
Content: ```bash # Install uv (if not already installed) curl -LsSf https://astral.sh/uv/install.sh | sh # Create virtual environment and install dependencies cd ~/.claude/skills/google-scholar-search-skill
Confidence: 96% confidence
Finding: | sh

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal