critical
suspicious.dangerous_exec
- Location
- paper-viz/scripts/pdf-figure-extractor.ts:244
- Finding
- Shell command execution detected (child_process).
ScholarGraph
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.dangerous_exec, suspicious.env_credential_access
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteMedium Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
Users may have less registry-level assurance about where the code came from or how installation should be reproduced.
Why it was flagged
The registry context lacks a verified source/homepage/install spec, while the skill itself contains runnable code and separately documents an install command. This is a provenance and review-context gap, not proof of unsafe behavior.
Skill content
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Recommendation
Verify the GitHub repository and package contents before installing, and prefer pinned/reviewed dependencies when running bun install.
NoteMedium Confidence
ASI05: Unexpected Code ExecutionWhat this means
Running visualization/export features may execute local Python tools and process local PDF data.
Why it was flagged
The skill can spawn external commands for PDF/PPT visualization helpers. SKILL.md discloses optional Python dependencies for PDF figure extraction and PPT export, so this appears purpose-aligned.
Skill content
const proc = spawn(cmd, args, {Recommendation
Use these features only with trusted PDFs and a trusted Python environment; review generated output paths before running export commands.
NoteHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
The skill can use whichever provider API keys are present in the environment or configuration.
Why it was flagged
The code reads AI and academic-provider credentials from environment variables. This is expected for the documented integrations, but it is still sensitive authority.
Skill content
apiKey: process.env.AI_API_KEY, ... ncbiApiKey: process.env.NCBI_API_KEY, ieeeApiKey: process.env.IEEE_API_KEY, coreApiKey: process.env.CORE_API_KEY
Recommendation
Provide only the API keys needed for the task, use least-privilege/provider-scoped keys where possible, and avoid sharing logs or config output that may include keys.
NoteHigh Confidence
ASI07: Insecure Inter-Agent CommunicationWhat this means
Paper text, research queries, or analysis context may be sent to the selected AI provider.
Why it was flagged
The skill discloses that it sends prompts and analysis context to external AI providers. This is central to the skill's purpose but affects privacy boundaries.
Skill content
**LLM Integration**: Sends custom system prompts to AI providers for structured JSON output (concept extraction, paper analysis, etc.)
Recommendation
Do not use external-provider modes for confidential drafts or private research unless the provider terms and data-retention policy are acceptable.
NoteHigh Confidence
ASI06: Memory and Context PoisoningWhat this means
Local research data and AI-derived knowledge graphs may remain on disk after a session.
Why it was flagged
The skill persists generated knowledge graphs and research metadata locally. This is disclosed and purpose-aligned, but persisted summaries or extracted concepts can be reused later.
Skill content
Stores data in local SQLite database (`data/knowledge-graphs.db`)
Recommendation
Periodically review or delete stored graph/config data if it includes sensitive research topics or drafts.
Findings (3)
critical
suspicious.dangerous_exec
- Location
- paper-viz/scripts/ppt-exporter.ts:256
- Finding
- Shell command execution detected (child_process).
critical
suspicious.env_credential_access
- Location
- shared/ai-provider.ts:29
- Finding
- Environment variable access combined with network send.