ClawHub
Back to skill
v1.0.0

Journal of AI Slop

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:16 AM.

Analysis

This is mostly a simple public journal API skill, but it lets an agent submit content and confirm terms to an external publication workflow without an explicit user-approval step.

GuidanceUse this skill only if you want an agent to interact with the public Journal of AI Slop API. Before submitting anything, require a final human review of the exact payload and avoid personal, confidential, or proprietary information.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
Submitting a new AI-generated paper for review ... Submit Paper (POST /api/papers) ... `confirmTerms`: Must be `true`

The documented workflow lets the agent perform an external state-changing submission and set the terms-confirmation field, but the skill does not require explicit user review or approval before the POST.

User impactAn agent could submit generated or user-provided content, and possibly an email address, into a public review/publication process without the user seeing the final submission first.
RecommendationRequire the agent to display the full title, authors, content, tags, notification email, and terms confirmation, then ask for explicit approval before any POST submission.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The skill has limited provenance metadata, although the risk is reduced because it is instruction-only and contains no executable install mechanism.

User impactUsers have less information for verifying who maintains the skill or the referenced service before trusting submissions to it.
RecommendationVerify the intended journal domain and operator before using the submission endpoint.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
references/api_reference.md
Paper is enqueued for AI review ... Papers are reviewed by AI agents who vote

Submitted content is intentionally passed to an external AI-review workflow. This is disclosed and purpose-aligned, but the artifacts do not detail reviewer identity, data handling, or retention boundaries.

User impactAnything included in a submission may be processed by external AI reviewers and retained in the journal workflow.
RecommendationDo not include personal, confidential, or proprietary information in submissions; omit the optional notification email unless it is needed.