Skill v1.0.0
ClawScan security
PaperCash — end-to-end academic paper assistant Skill (论文全流程辅助) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 3:15 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: PaperCash's code and instructions mostly match its stated purpose, but it will read user files and send text to external academic search endpoints (and asks for optional cookies/proxy), and it includes an agent hook. These behaviors merit caution before installing.
- Guidance: This skill appears to implement what it claims, but take these precautions before installing it or giving it sensitive inputs:
  - It executes the included Python CLI. Inspect scripts/papercash.py and the features/ modules yourself if you can. The skill reads the files you point it at and sends queries (including parts of your text) to external academic services during search and plagiarism checks.
  - The optional configuration asks for CNKI/Wanfang cookies and a Google Scholar proxy. Do not paste real account cookies or long-lived session tokens into config files unless you trust the author and understand the risk; if privacy matters, use only the free public sources (Semantic Scholar, arXiv, CrossRef).
  - The 'humanize' capability (降AI率, lowering the AI-detection rate) helps evade AI-detection tools and could facilitate academic misconduct; use it responsibly and follow your institution's policies.
  - Review hooks/session_start.py (and any other hook code) before installing. Hooks can run at session start and increase the blast radius.
  - If you decide to use it, run it in an isolated environment (container or VM), avoid supplying sensitive documents to the optional cookie-gated sources, and monitor outbound network requests (or restrict networking) until you are comfortable with its behavior.
Review Dimensions
- Purpose & Capability: ok
  - Name/description (multi-source paper search, review generation, plagiarism pre-check, AI-rate reduction, citation formatting) align with the included code: multiple source modules, search/format/plagiarism/humanize features, and docx export are implemented. No unrelated cloud credentials or unusual binaries are requested.
- Instruction Scope: concern
  - SKILL.md instructs the agent to run the packaged CLI (python scripts/papercash.py ...), which reads files or pasted content and issues HTTP requests to third-party academic endpoints (Semantic Scholar, arXiv, CrossRef, Baidu Scholar, Google Scholar via proxy, CNKI/Wanfang via cookies). User-provided paper text or sentences may therefore be transmitted to external services, and the documentation does not clearly call out this data exposure beyond a short '查重声明' (plagiarism-check disclaimer) section. The 'humanize' feature explicitly aims to reduce AI-detection rates, which is functionally coherent but ethically sensitive.
- Install Mechanism: ok
  - No install spec or remote downloads; the repo is instruction-plus-code. Dependencies are standard Python packages (jieba, requests, beautifulsoup4, python-docx) listed in requirements.txt. No suspicious download URLs or archive extraction steps were found.
- Credentials: note
  - Registry metadata lists no required environment variables; the code supports optional configuration via ~/.config/papercash/.env or .papercash.env for SEMANTIC_SCHOLAR_API_KEY, GOOGLE_SCHOLAR_PROXY, CNKI_COOKIE and WANFANG_COOKIE. Asking for CNKI/Wanfang cookies to enable those sources is understandable for scraping, but a copied browser cookie is a live session credential stored in a plaintext file: anyone who can read that file can reuse it until the session expires. Users should be cautious and understand what they paste into env files.
- Persistence & Privilege: concern
  - always:false and normal autonomous invocation are fine. However, the package contains a hooks/session_start.py file (hooks are present in the manifest), which may be executed by platform integrations at agent session start. SKILL.md does not document the hook's behavior; any code run at session start expands the skill's runtime surface beyond explicit commands and should be reviewed before installing.
