Academic Research
PassAudited by ClawScan on May 1, 2026.
Overview
This skill appears purpose-aligned for academic paper search, with modest privacy and provenance notes around external API use, local caching, and undeclared runtime dependencies.
This looks safe to use for ordinary academic research. Before installing, be comfortable with your search terms and DOIs being sent to OpenAlex/Unpaywall, and clear the /tmp/litreview_cache folder if using a shared machine or sensitive research topics.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Research topics and DOIs entered into the tool may be visible to OpenAlex or Unpaywall.
The skill sends search terms, author names, and DOIs to external scholarly API providers. This is expected for the stated purpose, but users should know their research queries leave the local environment.
BASE = "https://api.openalex.org" ... requests.get(url, params=params, timeout=20) ... requests.get(f"https://api.unpaywall.org/v2/{paper['doi']}?email={MAILTO}", timeout=10)Use the skill for non-sensitive research queries, or avoid entering confidential project topics if external API disclosure is a concern.
Cached paper metadata may remain on the local machine temporarily and could affect repeat results until the cache expires or is cleared.
The literature-review workflow stores and reuses API responses from a predictable temporary cache for 24 hours. This is disclosed and purpose-aligned, but it is still local persistence.
CACHE_DIR = Path("/tmp/litreview_cache") ... if age < 86400: ... return json.loads(cache_file.read_text()) ... cache_file.write_text(json.dumps(data))Clear /tmp/litreview_cache on shared machines or when you do not want cached research results retained.
Users have less publisher/source context than they would for a skill with a verified source and declared runtime requirements.
The package includes executable helper scripts, but the registry metadata provides limited provenance and no install/dependency declaration. The visible code is coherent with the purpose, so this is a notice rather than a concern.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill; Code file presence: scripts/literature-review.py, scripts/scholar-search.py
Review the included scripts before use and ensure Python plus the requests package are available from a trusted environment.