Back to skill
Skillv1.0.0
ClawScan security
Academic Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 11, 2026, 11:42 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, requirements, and scope are internally consistent for an instruction-only academic literature search helper, with a few minor gaps (how to produce PPT files and access paywalled full text) but no disproportionate or unexpected requests.
- Guidance
- This skill appears coherent and safe to enable. Before using it: (1) understand it has no built-in way to access paywalled full text (Springer) — supply credentials or accept relying on abstracts/open-access sources; (2) the SKILL.md asks for PPT/report output but provides no tool or format instructions — test how the agent will produce downloadable slides; (3) watch for hallucinated PMIDs/citations — validate PubMed IDs and links the agent provides; (4) confirm compliance with publisher copyright when retrieving or distributing full-text content. If you need automated PPT generation or subscription access, ask for those integrations/credentials explicitly and audit them.
Review Dimensions
- Purpose & Capability
- okName and description match the instructions: the SKILL.md directs the agent to search PubMed/academic databases, extract epidemiology metrics, annotate citations, and produce structured reports/PPT. The skill requests no unrelated credentials or system access.
- Instruction Scope
- noteInstructions are narrowly scoped to web_search, literature selection, data extraction, and citation formatting. Minor gaps: it specifies generating PPTs and structured reports but gives no tool/formatting commands or files to create PPTs; it also references Springer (often paywalled) without requesting credentials or explaining how to obtain/pay for full-text access. The SKILL.md does not instruct reading any local files or environment variables.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files; lowest-risk footprint. Nothing is downloaded or written by an installer.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. That is proportionate to the stated purpose; however, the lack of credentials means paywalled sources cannot be accessed without extra configuration.
- Persistence & Privilege
- okalways is false and the skill does not request elevated persistence or modify other skills. Autonomous invocation is allowed by default but is not combined with other privileges here.