ClawHub

PaperCash — 论文全流程辅助 Skill

Security checks across malware telemetry and agentic risk

Overview

PaperCash is mostly a disclosed academic helper, but it deliberately includes AI-detection evasion and can add unsupported personal research claims to student writing.

Review carefully before installing. Use the search, citation, and formatting features only with appropriate academic review, avoid using the humanize feature to conceal AI authorship or bypass school policies, do not let it add claims about your own research unless they are true, and avoid entering confidential drafts or copied account cookies unless you understand where queries and credentials may go.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (15)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The README explicitly advertises an 'AI detection reduction' feature and gives concrete rewriting tactics such as injecting personal viewpoints and changing sentence style to make generated text appear more human. In an academic-writing skill, this meaningfully facilitates policy evasion and academic misconduct, and the lack of any strong warning or restriction increases the likelihood of misuse.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The configuration section instructs users to place sensitive cookies and proxy settings in a persistent local .env file but provides no warning about protecting credentials, avoiding credential reuse, or the privacy implications of routing academic queries through proxies. This can lead to accidental credential leakage, misuse of session cookies, or unintended exposure of browsing and search traffic.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The core skill description prominently promotes 'AI detection reduction' as a selling point, signaling that the tool is intended to help users disguise AI-authored work. In the academic context, this is especially risky because it directly supports evasion of institutional integrity controls rather than legitimate editing or citation assistance.

Natural-Language Policy Violations

High
Confidence
97% confidence
Finding
The English README repeats the same AI-detection-reduction positioning without any limiting policy language, broadening the audience for misuse. Because it is presented as a standard feature rather than a restricted or cautionary capability, it increases the likelihood that users will adopt the tool for deceptive academic submissions.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill accepts file paths and can export Word documents, yet it does not clearly warn users about local file access, content handling, or where outputs will be written. In a document-processing context, this can expose sensitive academic drafts or cause unintended persistence of private material.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The trigger list contains very broad terms such as "paper", "论文", "文献", and "citation", which are likely to appear in many normal user requests unrelated to this specific skill. This can cause unintended invocation, routing users into a high-impact academic-assistance workflow without clear intent, increasing the chance of inappropriate activation, misuse, or policy-sensitive assistance.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The document repeatedly discusses and normalizes '降 AI 率改写' and expansion features as student-facing workflow aids, including language such as '救命稻草' and ranking the feature in product feedback, without a prominent warning that using such functions to evade AI detection or alter text for submission may violate academic integrity rules. In this skill context—an academic paper assistant aimed at students—this is more dangerous because it can facilitate deceptive submission practices and cause users to rely on risky rewriting for coursework, theses, or publications.

Natural-Language Policy Violations

High
Confidence
98% confidence
Finding
The code defines stock first-person inserts such as '从笔者的研究经验来看' and 'Based on the empirical evidence gathered' that can be injected into user text even when those claims are untrue. In an academic-writing skill, this is especially dangerous because it fabricates authorship, experience, and empirical grounding, which can misrepresent the user's work and facilitate academic dishonesty or fraud.

Natural-Language Policy Violations

High
Confidence
99% confidence
Finding
The _inject_perspective function programmatically inserts selected first-person framing into a sentence without verifying truthfulness or obtaining user confirmation. Given the skill's stated purpose of lowering AI-detection rates for papers, this materially increases the risk of deceptive rewriting by making generated text appear personally authored or empirically grounded when it may not be.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The function sends keyword-derived content from user-provided text to an external service (`sources.semantic_scholar.search`) as part of plagiarism checking, but this file shows no consent prompt, disclosure, redaction, or privacy guard before transmission. In a paper-writing assistant, users may submit unpublished manuscripts or sensitive academic content, so leaking even extracted phrases to a third-party service can expose confidential research ideas or proprietary text.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code transmits the user’s search query to Google Scholar through a user-configured proxy, which can expose potentially sensitive research topics to both Google and the proxy operator. In a paper-assistance skill, queries may contain unpublished topics, thesis titles, or confidential research directions, and this file provides no disclosure, consent, or trust validation around that exfiltration path.

Ssd 2

Medium
Confidence
96% confidence
Finding
This finding is substantiated by the README's description of rewriting and personal-viewpoint injection to reduce AI detectability. Such guidance is dangerous because it operationalizes deception, helping users transform machine-generated text into something intended to evade detection and misrepresent authorship.

Ssd 2

Medium
Confidence
98% confidence
Finding
The README provides step-by-step tactics—active/passive rewrites, sentence splitting, injecting 'the author believes,' and replacing common AI phrases—that amount to a practical evasion guide. The specificity makes the behavior more dangerous than a vague claim because it lowers the barrier for misuse and encourages intentional concealment.

Ssd 2

Medium
Confidence
95% confidence
Finding
The English feature list semantically advertises AI-detection evasion, extending the same misuse-enabling behavior to an international audience. In context, this is not a neutral editing feature; it is framed as an outcome-oriented method for making AI writing less detectable.

Ssd 2

Medium
Confidence
94% confidence
Finding
The '降AI率改写' feature explicitly aims to reduce AI-detection rates through stylistic manipulation and injected personal voice. This facilitates evasion of academic integrity controls and can be misused to disguise machine-generated work, making the skill context more dangerous because it is targeted at student paper production.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal