Aminer Open Academic 1.0.5

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AMiner academic-search helper, but users should understand it sends queries to AMiner and uses a token that may incur paid API calls.

Install only if you intend to use AMiner for academic search. Use a revocable token, avoid sensitive or proprietary research queries unless you are comfortable sending them to AMiner, review API pricing before multi-step workflows, and do not paste real tokens into shared transcripts or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The `raw` action resolves an arbitrary name from `globals()` and invokes it if callable, which exposes more functionality than the declared interface of fixed AMiner workflows and API wrappers. While this file does not currently define obviously dangerous local callables, this pattern creates an ambient capability problem: any future helper/imported callable added to the module could become remotely reachable through user-controlled input, bypassing intended allowlists and policy boundaries.

Vague Triggers

High
Confidence: 95%
Finding
The trigger policy is overly broad and explicitly says the skill should be proactively used even for generic requests like 'check a scholar' or 'find papers.' This can cause unintended activation, sending user queries to an external service without sufficiently specific user intent, increasing privacy and data-sharing risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs users to obtain and use a token for authenticated requests to a third-party service, but it does not clearly warn that user queries and possibly sensitive research topics will be transmitted off-platform. That omission creates a meaningful risk of unintentional disclosure of user data or credentials to an external API.

Missing User Warnings

Medium
Confidence: 90%
Finding
The document instructs users to place a live Authorization token in requests to an external API but provides no warning about handling, storage, logging, or redaction of that credential. In an agent-skill context, this omission can lead to token leakage through copied examples, debug logs, transcripts, or misuse by downstream tooling that forwards headers to third parties.

VirusTotal

62/62 vendors flagged this skill as clean.
