Academic Research Skip
Security checks across malware telemetry and agentic risk
Overview
This appears to be a straightforward academic search and literature-review helper with expected API use and temporary caching, plus minor metadata and dependency disclosure gaps.
This skill looks reasonable for academic paper search and literature reviews. Before installing, be comfortable with your queries/DOIs being sent to OpenAlex or Unpaywall, and with temporary cached results under /tmp/litreview_cache. Also verify the package source and local Python dependencies because the metadata does not fully declare them.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may fail or behave differently if Python or required Python packages are unavailable, and users should understand that local helper code is being run.
The documented usage depends on running local Python scripts, while the registry/install metadata declares no required binaries or install spec. This is purpose-aligned but under-declared.
python3 scripts/scholar-search.py search "transformer architectures" --limit 10
Verify the source and ensure Python and the requests package are available before using the skill.
Research topics, author names, and DOIs entered into the skill may be visible to external academic API providers.
The skill sends search and DOI-related requests to OpenAlex and, for deep reads, Unpaywall. This is expected for academic lookup but means user-provided topics or DOIs leave the local environment.
BASE = "https://api.openalex.org" ... requests.get(f"https://api.unpaywall.org/v2/{paper['doi']}?email={MAILTO}", timeout=10)Avoid submitting confidential or unpublished research topics if you do not want them sent to these providers.
Generated reviews may reuse cached paper metadata, and cached results may remain on the local machine briefly after use.
The literature-review workflow stores and reuses API responses from a temporary cache for up to 24 hours. The SKILL.md also discloses this cache location.
CACHE_DIR = Path("/tmp/litreview_cache") ... if age < 86400: # 24h cacheClear /tmp/litreview_cache if you want to remove cached research results or force fresh API responses.