ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Academic Research Hub Pro

v1.0.0

Central hub for academic research — search papers, download documents, extract citations, gather research materials across multiple databases (arXiv, Google...

0· 165·2 current·2 all-time
by@nancliu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description match the listed capabilities (searching multiple databases, extracting citations). However, the skill claims to 'download research documents' and handle 'paywalled papers' without declaring any required credentials, APIs, or tools — a potential mismatch between claimed capability and the resources that would realistically be needed.
!
Instruction Scope
SKILL.md provides a high-level workflow but is vague and grants broad discretion (multi-source search, downloading paywalled papers, 'paywall bypass suggestions'). It does not specify allowed methods, APIs to use, or boundaries (e.g., avoid scraping or disallowed circumvention), so an agent following it could attempt scraping, request user credentials, or perform other actions outside a user's expectations.
Install Mechanism
No install spec or code files are present; this instruction-only skill doesn't write files or fetch binaries during install, which minimizes installation risk.
Credentials
The skill requests no environment variables or credentials, yet claims the ability to access paywalled documents and multiple data sources. If implemented, those features would typically require API keys or institutional credentials; the absence of declared credential requirements is an unexplained gap.
Persistence & Privilege
The skill does not request always-on presence and uses default invocation settings; no elevated persistence or modification of other skills is indicated.
What to consider before installing
This skill is coherent at a high level but leaves important implementation questions unanswered. Before installing or using it, ask the publisher: (1) How will it access Google Scholar and other sources without public APIs — will it use official APIs, third-party services, or web scraping? (2) How does it handle paywalled content — does it require institutional credentials, and will it ever advise or perform paywall circumvention beyond legal alternatives? (3) Will it ever ask you for passwords, cookies, or file access to retrieve papers? If you plan to provide credentials, avoid giving them until you verify the developer and prefer skills that explicitly declare required APIs/permissions. Consider testing the skill in a limited/sandboxed environment and prefer a skill with a known source or repository rather than an anonymous one.

Like a lobster shell, security has layers — review code before you run it.

latestvk9780y6g4qpfcgyayn4rywh52983dg40

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis

Comments