ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

oldglycine-paper-add-citations

v1.0.0

Automatically adds relevant academic references to research papers. Supports Overleaf project directories, extracts keywords from TeX files, searches Google...

0· 9·0 current·0 all-time
by@oldglycine
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name and description (add references to Overleaf/TeX projects) align with the resources it accesses: reading .tex files, searching Google Scholar, generating BibTeX, and updating a .bib file. No unrelated credentials or system-wide access are requested.
!
Instruction Scope
The SKILL.md claims several runtime actions that are not implemented or are vague in the included TOOL.MD code: (1) SKILL.md promises to create a backup of the project directory, but the code contains no backup logic; (2) SKILL.md promises to insert citation markers into key sections, but the code only appends BibTeX entries and does not modify .tex files to add \cite{} markers; (3) keyword extraction falls back to a placeholder (topics = [...]) indicating missing implementation; (4) the instructions reference using 'scholarly' for Google Scholar searches (valid) but do not describe rate limiting, politeness, or scraping/terms-of-service considerations. These mismatches mean the actual runtime behavior will be different from what users expect unless the missing parts are implemented elsewhere.
Install Mechanism
This is an instruction-only skill (no install spec), so nothing is written automatically. TOOL.MD suggests 'pip3 install scholarly bibtexparser pdflatex' — scholarly and bibtexparser are pip packages, but 'pdflatex' is a TeX binary (not a pip package), so the install instruction is incorrect/misleading. No remote downloads or archives are used.
Credentials
The skill requests no environment variables, no credentials, and no config paths. It only reads and writes files inside the provided project directory and performs network queries to Google Scholar via the scholarly library — these are proportional to the stated purpose. There is no evidence of unrelated credential access or exfiltration.
Persistence & Privilege
The skill is not always-enabled, does not request elevated platform privileges, and is instruction-only (no installers or scripts that persistently modify agent configuration). It writes only to project files (custom.bib and ADD.MD) per the provided code.
What to consider before installing
This skill is internally inconsistent rather than obviously malicious: the documentation promises backups and automatic insertion of citation markers, but the included code only reads .tex files, searches Google Scholar via the scholarly library, appends BibTeX entries to custom.bib, and writes an ADD.MD report. Before using: (1) run the tool on a copy of your project (not your real Overleaf project) and inspect files created/modified (custom.bib, ADD.MD); (2) be aware that scholarly scrapes Google Scholar — this may be rate-limited and could violate Google Scholar terms; (3) note that keyword extraction and citation insertion appear unimplemented — expect manual review and edits to .tex files; (4) correct the installation guidance (pdflatex is a system TeX binary, not a pip package) and ensure required Python packages are installed in a controlled environment; (5) if you need automatic insertion of \cite markers or backups, request or implement those features explicitly and re-review the code to confirm behavior. If you lack the ability to review or run the code safely, avoid granting it write access to important projects.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bv3wegcc04mr0ysmaz2219h840s14

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Paper Reference Adder Skill

When to Use

  • When a research paper needs additional citations in specific sections (Introduction, Related Work, Method)
  • When you want to find relevant papers to cite based on the paper's content
  • When you need to ensure no duplicate references are added

How It Works

  1. Backup: Creates a backup of the project directory to prevent data loss
  2. Content Analysis: Reads TeX files and extracts keywords and existing references
  3. Reference Search: Uses Google Scholar (via scholarly library) to find relevant papers
  4. BibTeX Generation: Generates BibTeX entries for new references
  5. Integration: Adds new references to the bib file and inserts citation markers in key sections
  6. Reporting: Generates an ADD.MD file with all added references and their positions

Codes references & Parameters

  • Codes references ref
  • input: Path to Overleaf project directory
  • num_references: Number of references to find (default: 10)
  • output_report: Path for the ADD.MD report (default: ./ADD.MD)

Dependencies

  • scholarly (for Google Scholar search)
  • bibtexparser (for BibTeX handling)
  • pdflatex (optional, for compiling the paper)

Notes

  • Handles existing citations to avoid duplicates
  • Focuses on key sections (Introduction, Related Work, Method) for citation insertion
  • Generates a detailed report of all added references
  • Compatible with Overleaf project structure
  • Uses scholarly library as an alternative to Google Scholar API

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…