Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Semantic Paper Radar
v0.1.0
Semantic literature discovery and synthesis across arXiv/OpenAlex/PubMed (and optional Google Scholar adapters). Use when users ask for domain must-read pape...
by Roger Yang (@rogerrrr18)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The SKILL.md describes semantic literature discovery across arXiv/OpenAlex/PubMed and the included script implements those exact network queries and ranking logic. Required resources (none) align with the stated purpose.
Instruction Scope
Runtime instructions tell the agent to run the included Python script and optionally call a Scholar-capable tool if present. The workflow intentionally performs network retrievals from public APIs and can export HTML locally. This is in-scope for a literature discovery skill, but it means user queries and terms will be sent to external services; SKILL.md also forces Chinese output by default—an operational/policy choice to be aware of.
Install Mechanism
No install spec is present (instruction-only with an included script). Nothing is downloaded or installed automatically by the skill manifest.
Credentials
The skill requests no environment variables or credentials. All external calls use public APIs (OpenAlex, PubMed, arXiv) and no secret material is required by the code shown.
Persistence & Privilege
always is false and model invocation is normal. The skill does not request persistent platform privileges in the manifest. It may write an exported HTML file if the user requests --export-html / --html-out, which is reasonable for this functionality.
What to consider before installing
This skill appears to do what it says — it queries OpenAlex, PubMed, and arXiv and ranks papers — but take these precautions before installing or enabling it:
- Review the full, untruncated script on disk (the preview was truncated). The analysis above used the visible portion; any hidden/truncated code could change this assessment.
- Be aware queries are sent to external public APIs (api.openalex.org, eutils.ncbi.nlm.nih.gov, export.arxiv.org). Do not send private or patient-identifiable data through this skill.
- Note: the arXiv query uses HTTP (export.arxiv.org) in the visible code (unencrypted); if confidentiality is important, update to HTTPS or confirm arXiv's recommended endpoint.
- The tool can export HTML to a path you control; confirm file paths before exporting to avoid accidental overwrites.
- The SKILL.md suggests calling an existing Scholar-capable tool if present — ensure any cross-skill calls don't expose tokens/credentials belonging to other skills.
- If you require higher assurance, run the script in a sandboxed environment or review the entire file contents locally to ensure there is no unexpected network endpoint or data-exfiltration behavior.

Like a lobster shell, security has layers — review code before you run it.
