Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ScholarGraph

v1.4.3

Academic literature intelligence toolkit for multi-source paper search, analysis, and knowledge graph building with AI assistance.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the code and modules: multi-source search, PDF download, concept extraction, analysis, and knowledge-graph building. Required binary (bun) and the AI_PROVIDER env var align with the project's LLM-driven CLI implementation. Optional API keys correspond to the many academic sources the skill integrates with.
Instruction Scope
Runtime instructions and code request network and filesystem access (downloading PDFs, writing a local SQLite DB, saving configs) and they send structured system prompts to LLM providers; this is expected for an LLM-based literature tool. The SKILL.md and code do include explicit system-role prompts (e.g., '只返回JSON格式', "return only JSON format"), which the repo uses to shape LLM output; that's legitimate here but is the single identified prompt-injection pattern the scanner flagged. No code in the reviewed snippets attempts to read unrelated system state (shell history, other services' credentials) or to POST collected data to unknown endpoints, but a full audit of omitted files (61 omitted) and package.json scripts is recommended.
Install Mechanism
Install uses bun install and a verify command (bun run cli.ts --help), which is typical for a Bun/TypeScript project. This avoids arbitrary archive downloads. However, the registry summary said 'instruction-only' while the package contains many source files and an install entry in SKILL.md — verify what the registry metadata actually installs. Check package.json for any postinstall scripts before running.
Credentials
The skill declares AI_PROVIDER as required and lists many optional API keys (OpenAI, Semantic Scholar, NCBI, IEEE, Serper/SerpAPI, Unpaywall, etc.). Those optional variables are justified by the many external data adapters in the code. No unrelated credentials (e.g., AWS keys, SSH keys) are requested. Still: only provide keys you trust and restrict them (use read-only or scoped keys if available).
Persistence & Privilege
The skill requests filesystem persistence (writes configs and a local SQLite DB) and stores data locally; registry flags show always:false and no special platform privileges. It does not request permanent platform-wide inclusion. This persistence is reasonable for a knowledge-graph tool.
Scan Findings in Context
[system-prompt-override] expected: The code and SKILL.md include explicit system-role prompts to structure LLM output (e.g., '只返回JSON格式'). The static scanner flagged this pattern; for an LLM-driven extraction/analysis tool this is expected. Nevertheless, system prompts can change model behavior — review prompts if you need to ensure they don't instruct undesired actions.
Assessment
This skill appears coherent for academic literature tasks, but take these precautions before installing:
1) Verify the upstream source: the SKILL.md points to a GitHub repo. Confirm the repo and its recent commits match the package you get.
2) Inspect package.json for postinstall or install scripts that run arbitrary commands.
3) Run installation and execution in a sandboxed environment (container or VM) the first time.
4) Only provide API keys you control and prefer minimally-scoped/read-only keys; avoid pasting high-privilege credentials.
5) If you rely on privacy, remember the tool performs network calls and persists a local SQLite DB (data/knowledge-graphs.db by default); review or override the configured paths.
6) If you need higher assurance, review the omitted files and any network endpoints they call to check for unexpected telemetry or data exfiltration.

Like a lobster shell, security has layers — review code before you run it.

latest vk97fq48zjskfv6bamtkr6a0dp182dem1

Runtime requirements

📚 Clawdis
Bins: bun
Env: AI_PROVIDER
