Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Anne Library Downloader

v1.0.0

Automates downloading academic PDFs by title, author, DOI, or URL from libraries like ProQuest and EBSCO with auto-login and batch support.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability
The SKILL.md claims full automation, auto-authentication, platform-specific handlers (auth.py, doi_extractor.py, references/config.json), and batch downloads for many providers. The bundle only contains a single scripts/download.py which mostly performs DOI lookups via Crossref, prints suggested sources, and returns 'requires_manual_download'. Several claimed files (scripts/auth.py, scripts/doi_extractor.py, references/config.json) are referenced but not present. The code does minimal platform handling (simple URL pattern matching) and does not implement the core advertised features (automated authenticated downloads).
Instruction Scope
SKILL.md instructs users to export library credentials (ANNE_LIBRARY_URL, ANNE_LIBRARY_USER, ANNE_LIBRARY_PASS) and to install Playwright and browsers. The provided Python script does not read those environment variables or implement authentication; instead it writes a temporary JavaScript Playwright script and invokes 'node' to run it. Instructions ask for credentials and imply automatic login, but the shipped code neither consumes those credentials nor performs the promised auth flows — this is scope creep and an unexplained request for secrets.
Install Mechanism
There is no formal install spec in the package. SKILL.md tells users to run 'pip install playwright requests beautifulsoup4' and 'playwright install chromium', but the Python code generates and executes a Node.js Playwright script via subprocess.run(['node', temp_path]). claw.json lists Python dependencies only; there is no mention of Node or npm dependencies. This mismatch (Python install instructions vs. Node runtime usage) is inconsistent and could lead users to install the wrong runtime or run unexpected binaries. Writing a temporary JS file and handing it to node for execution is a risky pattern whenever the provenance of that file's content is unclear: whatever ends up in the file runs with the user's privileges.
Credentials
The SKILL.md asks for library credentials (username/password, library URL) but the skill metadata declares no required environment variables. The only code present does not read these env vars, so asking users to export secrets is unjustified by the shipped implementation. Requesting institutional credentials would be proportionate if the code actually used them, but here the request is undeclared and unused — raising the risk of unnecessary credential exposure if users follow the instructions.
Persistence & Privilege
The skill does not request elevated persistence: the always flag is false, the skill is user-invocable, and there is no evidence it modifies other skills or system configuration. No install spec writes files permanently; any files written by user-run installs (pip, playwright install) are outside the package.
What to consider before installing

This package is inconsistent and incomplete. It promises automated authenticated downloads and lists multiple helper scripts, but only contains a single Python script that mainly looks up DOIs and prints manual instructions. Do NOT export or store your library username/password for this skill until you verify the missing files and confirm where credentials are used.

Specific red flags:
1) SKILL.md asks you to install Playwright and browsers, but the code executes a Node Playwright script; the Node/npm requirement is not documented.
2) Referenced files (scripts/auth.py, scripts/doi_extractor.py, references/config.json) are missing.
3) The code writes a temporary JS file and runs it with node via subprocess, which will execute whatever ends up in that file if its content or the invocation is changed.

Before installing or running: ask the author for the missing scripts or a canonical source repository; review the full implementation to confirm how credentials are used and stored; avoid exporting credentials system-wide (use per-command prompts or a secure secret store); and prefer tools from verifiable sources. If you need automated institutional downloads, consider vetted, actively maintained tools with transparent code and clear credential handling.


Version: latest (vk974shmktetvcg3xyqkq0ccj2583mchk)
