ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Baidu Scholar Search Pro

v1.0.0

Baidu Scholar Search — Search Chinese and English academic literature including journals, conferences, dissertations. Best for Chinese research context.

0· 100·1 current·1 all-time
by@nancliu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The declared purpose (searching Chinese/English academic literature) matches the use of curl and a Baidu Scholar API. However, the SKILL.md explicitly states a required environment variable (BAIDU_API_KEY) while the registry metadata lists no required env vars or primary credential. The skill also claims integration with CNKI/Wanfang/VIP but does not explain needed credentials or access mechanisms for those services.
Instruction Scope
Instructions are narrowly scoped: accept a query, call Baidu Scholar API, parse metadata, return structured data. They do not ask the agent to read unrelated files or system state. Note: the doc references external aggregations (CNKI/Wanfang/VIP) without specifying how those are accessed — this could imply additional steps (scraping, cross-service calls) not documented.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes on-disk risk. Declared required binary 'curl' is reasonable for making HTTP requests.
!
Credentials
SKILL.md requires BAIDU_API_KEY, but the registry metadata does not list any required environment variables or a primary credential. That mismatch is an incoherence: if the skill needs an API key, it should be declared. The skill also mentions integration with CNKI/Wanfang/VIP but does not request or document additional credentials those services might require.
Persistence & Privilege
always is false and there is no install step that writes persistent configuration or modifies other skills. Autonomous invocation is allowed (platform default) but not combined with other privilege escalations in this package.
What to consider before installing
This skill is plausible for searching Baidu Scholar, but there are inconsistencies and missing provenance you should resolve before installing. Ask the publisher for: (1) the source code or homepage (none is provided), (2) correct registry metadata that declares BAIDU_API_KEY as a required env var (and any other credentials needed for CNKI/Wanfang/VIP), and (3) exactly which endpoints the skill will call (ensure it only talks to official Baidu/Xueshu endpoints). If you must try it, test in a sandboxed environment and provide a limited, revocable API key with the minimum permissions. Prefer skills with clear source repos and documented credential usage; avoid providing high-privilege or long-lived keys to packages with unknown provenance.

Like a lobster shell, security has layers — review code before you run it.

latestvk973hjd1z1t97bpq28aht9rz7983cp2z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔬 Clawdis
Binscurl

Comments