Scholar Research
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears purpose-aligned for academic paper search, with notes for external API queries, optional credentials, local PDF helper tools, and heuristic credibility scoring.
Before installing, verify the package source, avoid confidential search queries, provide API credentials only if needed, and treat credibility scores as helpful but not authoritative without independent verification.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could accidentally install an unverified or wrong package if they follow the placeholder command literally.
The README suggests installing from a placeholder remote GitHub URL while the registry lists no homepage/source; this is a provenance note, not evidence of malicious behavior.
pip install git+https://github.com/yourusername/scholar-research.git
Install only from a trusted, verified repository or the reviewed local artifact.
Academic search queries leave the local environment, and HTTP traffic can expose or allow tampering with queries/results on the network.
Search terms are sent to external academic providers, and the arXiv endpoint is configured over HTTP rather than HTTPS.
"base_url": "http://export.arxiv.org/api/query"
Avoid entering confidential unpublished research queries, and prefer HTTPS endpoints where supported.
If configured, API credentials or contact email may be sent to the relevant academic service.
The code can use an optional OpenAlex token from config for API requests, which is purpose-aligned but should be treated as credential use.
headers["Authorization"] = f"Bearer {self.config['api']['openalex_token']}"
Use least-privileged API keys, avoid sharing config files containing tokens, and only provide credentials needed for the intended data source.
Local helper programs may process downloaded PDFs when figure extraction is used.
Figure/text extraction invokes local PDF utilities. This is expected for the figure-extraction feature and is not shown as hidden or automatic.
subprocess.run(["pdftotext", pdf_path, "-"], capture_output=True, text=True, timeout=60)
Use trusted PDF tooling and be cautious when extracting figures from untrusted PDFs.
Credibility scores may look more authoritative than they are, especially for retracted or problematic papers.
The scoring model advertises retraction status as a credibility factor, but the implementation assigns full retraction credit by default rather than performing a real check.
# 7. Retraction status - assume not retracted
scores["retraction_status"] = 100
Treat scores as rough heuristics and independently verify retractions, peer-review status, and journal quality for important decisions.
