Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

literature-search

v1.0.3

Find and compile academic literature with citation lists across Google Scholar, PubMed, arXiv, IEEE, ACM, Semantic Scholar, Scopus, and Web of Science. Use for requests like “find related literature,” “related work,” “citation list,” or “key papers on a topic.”

6 · 2.8k · 29 current · 32 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (collect literature and citations) match the instructions. No binaries, installs, or environment variables are requested, which is appropriate for an instruction-only search/aggregation helper. The guidance about subscription services (Scopus/Web of Science) and Google Scholar access is consistent with the stated scope.
Instruction Scope
Overall the SKILL.md stays within the literature-search scope: it asks clarification questions, prefers official/public APIs, avoids scraping restricted sites, and describes de-duplication and citation formatting. One unusual instruction is to prepend the literal phrase "please think very deeply" to the user's input before processing; this is not necessary for the task and is effectively a prompt-manipulation step that may bias model outputs. The skill also allows using user-provided exports or credentials (for subscription resources), which is reasonable but should be handled sensitively.
Install Mechanism
No install spec and no code files are present; this is instruction-only so nothing is written to disk and no external packages are fetched — lowest-risk install profile.
Credentials
The skill declares no required environment variables or credentials. The instructions say to use subscription indexes only if the user provides access (API keys or institutional login) — that is expected for these sources but requires that the user manually decide whether to share credentials. The skill itself does not request or store credentials.
Persistence & Privilege
always: false and no install or persistent behavior is requested. disable-model-invocation is false (normal), so the agent may call this skill autonomously per platform defaults; that is not excessive for its purpose.
Assessment
This skill appears coherent and low-risk, but consider these practical cautions before enabling it: (1) The SKILL.md asks the agent to prepend the phrase "please think very deeply" to inputs — this is unnecessary and may alter outputs; you may want to remove or ignore that step. (2) If you choose to supply subscription credentials or exported files (e.g., Scopus, Web of Science, or Google Scholar exports), treat them as sensitive: provide them only when needed and avoid sharing login/passwords unless you trust the environment. (3) The skill relies on the agent to query multiple sources and reconcile citations — verify provenance and DOIs in the returned lists. (4) Because the skill is instruction-only, there is no persistent storage or installation; if you expect automated background querying, confirm how the agent will be invoked and that you’re comfortable with autonomous use.

Like a lobster shell, security has layers — review code before you run it.
