Skill v1.0.1

ClawScan security

Paper Searcher | 文献搜索器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 1:38 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requested capabilities, instructions, and optional credential needs align with a literature-search + Zotero-import workflow and contain no disproportionate or unexpected requirements.
Guidance
This skill appears coherent and limited to literature search + optional Zotero import. Before installing or enabling it:
(1) only provide a Zotero API key if you intend to import items, and store that key in a secure secret store (not in chat);
(2) confirm that the agent will always ask for explicit confirmation before any import (the SKILL.md requires this);
(3) be aware the skill may instruct the agent to use external search tools or browse publisher pages—avoid supplying unrelated service credentials; and
(4) if you need an added safety layer, refuse to supply Zotero credentials and perform imports manually after reviewing the pre-import shortlist.
If you want further assurance, request that the agent log its actions (which sources were queried, which items were verified, and the exact commands/requests used) before performing any import.
Findings
[no-findings] expected: The regex scanner found nothing, which is expected because the skill is instruction-only (no code files). Absence of findings is not proof of safety, but here it aligns with the manifest.

Review Dimensions

Purpose & Capability
ok · Name and description match the instructions and manifest. The skill is an instruction-only workflow for multi-source literature search and optional Zotero import. External tools (paper-search CLI, zotero-mcp) and Zotero credentials are explicitly documented as optional; nothing in the manifest or SKILL.md asks for unrelated cloud credentials, system access, or elevated privileges.
Instruction Scope
ok · SKILL.md stays on-topic: it describes how to plan searches, run multi-source queries, deduplicate and verify metadata, present a pre-import review, and only import to Zotero after user confirmation. It does not instruct the agent to read arbitrary system files, harvest unrelated environment variables, or exfiltrate data. The file references only reliable metadata sources (DOI pages, PubMed, Europe PMC, publisher pages) and a local SOP file included in the package.
Install Mechanism
ok · There is no install spec and no code files—this is instruction-only. That minimizes disk writes and arbitrary code execution risk. The skill documents optional external tools but does not perform downloads or install steps itself.
Credentials
ok · Optional environment variables (ZOTERO_API_KEY, ZOTERO_LIBRARY_ID, ZOTERO_LIBRARY_TYPE) are declared and are required only for Zotero import. The SKILL.md explicitly states that imports occur only after user confirmation and that credentials must come from environment variables or a secure secret store. Neither unrelated secrets nor a large set of opaque credentials is requested.
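The guidance above (credentials only from the environment or a secret store, explicit confirmation before any import, and a log of the exact requests to be made) can be enforced mechanically rather than trusted to the agent. The following is an added example written for this page, not the skill's own code or part of the paper-search CLI or zotero-mcp. It builds the Zotero Web API request that an import would send (the base URL https://api.zotero.org, the `Zotero-API-Key` and `Zotero-API-Version` headers and the `/users/{id}/items` and `/groups/{id}/items` paths are the real API shape), shows it with the key redacted, and only sends it after a confirmation callback returns true. The `confirm` and `send` callables, the `demo` function, and the sample shortlist and environment are hypothetical stand-ins so the gate runs offline.

```python
"""Added example: confirmation-gated Zotero import with an audit trail.
Credentials come only from the environment (or a mapping filled from a
secret store); the request is logged before it is sent; nothing is sent
until the user confirms. Not the skill's own code."""
import json
import os
from typing import Callable, List, Mapping, Optional, Tuple

ZOTERO_API = "https://api.zotero.org"                 # Zotero Web API v3 base URL
REQUIRED_ENV = ("ZOTERO_API_KEY", "ZOTERO_LIBRARY_ID")  # as declared on the page
LIBRARY_PATH = {"user": "users", "group": "groups"}     # URL path segment per type


class MissingCredential(Exception):
    """Raised when a variable is absent: we fail, we never ask for it in chat."""


def creds_from_env(env: Mapping[str, str] = os.environ) -> dict:
    """Read the three declared variables; ZOTERO_LIBRARY_TYPE defaults to 'user'."""
    missing = [k for k in REQUIRED_ENV if not env.get(k)]
    if missing:
        raise MissingCredential(f"set {', '.join(missing)} before importing")
    lib_type = env.get("ZOTERO_LIBRARY_TYPE", "user").lower()
    if lib_type not in LIBRARY_PATH:
        raise MissingCredential("ZOTERO_LIBRARY_TYPE must be 'user' or 'group'")
    return {"api_key": env["ZOTERO_API_KEY"],
            "library_id": env["ZOTERO_LIBRARY_ID"],
            "library_type": lib_type}


def dedupe_by_doi(items: List[dict]) -> List[dict]:
    """Drop repeated records sharing a DOI (case-insensitive); DOI-less items stay."""
    seen, out = set(), []
    for item in items:
        doi = (item.get("DOI") or "").strip().lower()
        if doi and doi in seen:
            continue
        if doi:
            seen.add(doi)
        out.append(item)
    return out


def plan_import(creds: dict, items: List[dict]) -> dict:
    """The exact request that would be sent, with the key redacted so the plan
    can be shown to the user and written to a log safely."""
    url = f"{ZOTERO_API}/{LIBRARY_PATH[creds['library_type']]}/{creds['library_id']}/items"
    return {"method": "POST", "url": url,
            "headers": {"Zotero-API-Key": "<redacted>", "Zotero-API-Version": "3",
                        "Content-Type": "application/json"},
            "body": items}


def run_import(creds: dict, items: List[dict], confirm: Callable[[dict], bool],
               send: Callable[[str, str, dict, str], int], audit: list) -> Optional[int]:
    """Log the plan, ask for confirmation, then (and only then) send it.
    `send(method, url, headers, body)` is injected so the gate runs offline."""
    plan = plan_import(creds, dedupe_by_doi(items))
    audit.append({"event": "plan", **plan})            # written before any network write
    if not confirm(plan):
        audit.append({"event": "aborted", "reason": "user declined"})
        return None
    headers = dict(plan["headers"], **{"Zotero-API-Key": creds["api_key"]})
    status = send(plan["method"], plan["url"], headers, json.dumps(plan["body"]))
    audit.append({"event": "sent", "url": plan["url"], "status": status,
                  "count": len(plan["body"])})         # the key never enters the log
    return status


# Constructed sample shortlist and environment (hypothetical); the second record
# repeats the first DOI in a different case and is dropped before import.
SAMPLE_ITEMS = [
    {"itemType": "journalArticle", "title": "Paper A", "DOI": "10.1000/abc"},
    {"itemType": "journalArticle", "title": "Paper A (dup)", "DOI": "10.1000/ABC"},
    {"itemType": "journalArticle", "title": "Paper B", "DOI": "10.1000/xyz"},
]
FAKE_ENV = {"ZOTERO_API_KEY": "k-secret", "ZOTERO_LIBRARY_ID": "12345"}


def demo(confirmed: bool) -> Tuple[Optional[int], list]:
    """Exercise the gate offline: the stub `send` never reaches the network."""
    audit: list = []
    status = run_import(creds_from_env(FAKE_ENV), SAMPLE_ITEMS,
                        confirm=lambda plan: confirmed,
                        send=lambda method, url, headers, body: 200,
                        audit=audit)
    return status, audit


if __name__ == "__main__":
    for entry in demo(confirmed=False)[1]:
        print(json.dumps(entry))
```

The point of the design is that the agent can only reach `send` through `run_import`, whose plan is already in the audit log, and that the only place the real key exists is the `headers` dict built after confirmation; a user who follows the guidance above and performs imports manually would stop at the logged plan and paste its body into Zotero themselves.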
Persistence & Privilege
ok · The skill is not always-enabled (always: false) and does not request persistent privileges or modify other skills. It follows least privilege: Zotero import is optional and gated by explicit user confirmation.