Google Scholar API

Security checks across malware telemetry and agentic risk

Overview

This research-download skill appears purpose-aligned, but it needs review because its examples can expose a SerpAPI key and it saves search/download results locally.

Install only if you are comfortable using a SerpAPI key and sending research queries to SerpAPI. Avoid examples that print, echo, hardcode, or back up the key; use environment variables or a secret manager, keep downloads scoped to a chosen folder, and use --no-download when you only want search results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Low
Confidence: 84%
Finding
The skill promotes single and batch PDF downloads to local paths but does not clearly warn that it will create directories and write files to disk. In agent environments, silent filesystem writes can surprise users, overwrite expected content, or fill storage when batch operations are used.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill instructs users to configure a SerpAPI key and use remote search, but it does not explicitly disclose that search queries and associated metadata are sent to the third-party SerpAPI service. This matters because research topics, author names, and download targets may be sensitive and could be logged or retained by that external provider.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide explicitly shows setting the SerpAPI key directly in code and passing a literal API key to the client, but does not warn against hardcoding secrets or committing them to source control. This can normalize insecure secret handling and lead users to leak live credentials into repositories, logs, or shared code samples.

Missing User Warnings

Medium
Confidence: 90%
Finding
The function automatically creates a directory and downloads remote PDF files to the local filesystem based on search results, which causes side effects without an explicit confirmation step or clear warning. In an agent/tooling context, this can surprise users, consume disk space, or persist untrusted content from arbitrary third-party hosts returned by search results.

Missing User Warnings

Medium
Confidence: 94%
Finding
The CLI always writes search_results.json to the output directory when not in JSON-only mode, creating a local file as a hidden side effect. In agent environments, undisclosed file creation can leak query history, metadata, and downloaded resource details onto disk where users may not expect persistent storage.

Ssd 3

Medium
Confidence: 98%
Finding
The debug example prints the SERP_API_KEY directly, which can leak a live credential into terminal output, logs, chat transcripts, notebooks, or monitoring systems. Exposed API keys can be reused by others to consume quota, incur charges, and access the account's search activity context.

VirusTotal

64/64 vendors flagged this skill as clean.
