v1.0.0

Google Scholar API

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:41 AM.

Analysis

The skill mostly matches its Google Scholar search purpose, but its artifacts expose or encourage unsafe handling of SerpAPI keys.

Guidance: Review and fix the API-key handling before installing: remove or rotate the exposed-looking key, never print SERP_API_KEY, and use a secure environment variable or secrets manager. Install dependencies in an isolated environment and keep PDF downloads limited to user-requested, lawful research use.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/google_scholar_search.py
response = requests.get(pdf_url, headers=headers, stream=True, timeout=30) ... with open(save_path, 'wb') as f:

The skill downloads files from PDF links and writes them to local paths.

User impact: This is expected for a paper-download skill, but it can consume bandwidth, create local files, and may download copyrighted or unavailable content.
Recommendation: Use downloads only when requested, keep output directories scoped, and follow copyright and site access terms.
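An added example (not the skill's code) of what "scoped" can mean in practice for the download step: the save path is derived only from the last URL segment and checked to stay inside the output directory, the body is refused unless it starts with the PDF magic bytes (many "PDF links" return an HTML login or error page), and the size is capped. The 50 MiB cap, the `scholar-skill/1.0` User-Agent and the `download_demo` inputs are assumptions for illustration; `download_pdf` is the only function that touches the network and is not exercised offline.

```python
import hashlib
import re
from pathlib import Path
from typing import Iterable
from urllib.parse import unquote, urlparse

MAX_PDF_BYTES = 50 * 1024 * 1024  # assumed cap; tune for your use
_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]+")


def resolve_save_path(out_dir: str, pdf_url: str) -> Path:
    """Map a PDF URL to a file path that cannot leave out_dir."""
    base = Path(out_dir).resolve()
    parsed = urlparse(pdf_url)
    if parsed.scheme not in ("http", "https"):
        raise ValueError(f"unsupported URL scheme: {parsed.scheme!r}")
    # Keep only the last path segment, decode it, then replace every character
    # that is not a plain filename character. That removes separators and '..'.
    leaf = unquote(parsed.path.rsplit("/", 1)[-1])
    leaf = _UNSAFE_CHARS.sub("_", leaf).strip("._") or "paper"
    if not leaf.lower().endswith(".pdf"):
        leaf += ".pdf"
    # Prefix a short hash of the URL so two hosts serving 'paper.pdf' do not collide.
    tag = hashlib.sha256(pdf_url.encode()).hexdigest()[:8]
    target = (base / f"{tag}_{leaf}").resolve()
    if target.parent != base:  # defence in depth; should be unreachable
        raise ValueError("resolved path escaped the output directory")
    return target


def write_bounded_pdf(chunks: Iterable[bytes], save_path: Path,
                      max_bytes: int = MAX_PDF_BYTES) -> int:
    """Stream chunks to save_path, refusing non-PDF content and oversized bodies.
    Returns bytes written; a partially written file is removed on any failure."""
    save_path.parent.mkdir(parents=True, exist_ok=True)
    written, head = 0, b""
    try:
        with open(save_path, "wb") as f:
            for chunk in chunks:
                if head is not None:
                    # Buffer until the magic number can be checked, then flush the buffer.
                    head += chunk
                    if len(head) < 5:
                        continue
                    if not head.startswith(b"%PDF-"):
                        raise ValueError("response is not a PDF (HTML login or error page?)")
                    chunk, head = head, None
                written += len(chunk)
                if written > max_bytes:
                    raise ValueError(f"download exceeded {max_bytes} bytes")
                f.write(chunk)
        if head is not None:
            raise ValueError("response too short to be a PDF")
    except Exception:
        save_path.unlink(missing_ok=True)
        raise
    return written


def download_pdf(pdf_url: str, out_dir: str) -> Path:
    """Network entry point: fetch with requests and stream through the checks above."""
    import requests  # imported lazily so the path and size logic stays testable offline
    target = resolve_save_path(out_dir, pdf_url)
    resp = requests.get(pdf_url, stream=True, timeout=30,
                        headers={"User-Agent": "scholar-skill/1.0"})
    resp.raise_for_status()
    write_bounded_pdf(resp.iter_content(chunk_size=64 * 1024), target)
    return target


def download_demo() -> dict:
    """Offline walk-through with constructed URLs and byte strings (no network)."""
    import tempfile
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        # Encoded traversal in the last segment must collapse to a plain filename.
        p = resolve_save_path(tmp, "https://example.org/papers/%2E%2E%2F%2E%2E%2Fetc%2Fpasswd")
        out["inside_out_dir"] = p.parent == base
        out["name"] = p.name
        out["written"] = write_bounded_pdf(iter([b"%PDF-1.7\n", b"1 0 obj << >> endobj\n"]), p)
        try:
            write_bounded_pdf(iter([b"<html>login required</html>"]), base / "x.pdf")
            out["html_rejected"] = False
        except ValueError:
            out["html_rejected"] = not (base / "x.pdf").exists()
        try:
            write_bounded_pdf(iter([b"%PDF-1.4", b"A" * 100]), base / "big.pdf", max_bytes=50)
            out["oversize_rejected"] = False
        except ValueError:
            out["oversize_rejected"] = not (base / "big.pdf").exists()
    return out
```

The magic-number check matters more than it looks: without it, a paywall's HTML page is written to `paper.pdf` and the agent reports a successful download.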
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
scripts/requirements.txt
google-search-results>=2.4.2; requests>=2.31.0

Dependencies are specified with lower-bound ranges instead of exact pinned versions.

User impact: Future dependency versions could change behavior, though these packages are purpose-aligned for SerpAPI access and HTTP downloads.
Recommendation: Prefer pinned, reviewed dependency versions or install in an isolated environment.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
README.md
# api_key = "0430...f53a"  # ❌ Don't do this!

A published documentation example contains a real-looking API key literal rather than a placeholder.

User impact: If this key is real, others could use or exhaust the associated SerpAPI account; it also indicates unsafe credential hygiene in the artifact.
Recommendation: Remove the literal, rotate the key if it is real, and use only unmistakably fake placeholders in documentation.
Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
print(f"API Key: {os.getenv('SERP_API_KEY')}")

The troubleshooting guidance tells the user or agent to print the secret environment variable.

User impact: A user's SerpAPI key could be exposed in chat output, logs, terminals, or saved reports while debugging.
Recommendation: Do not print API keys; replace this with a masked check such as whether the variable is set, or show only the first/last few characters.
Identity and Privilege Abuse
Severity: Medium | Confidence: Medium | Status: Concern
scripts/google_scholar_search.py
"api_key": self.api_key ... print(f"Error searching Google Scholar: {e}", file=sys.stderr) ... return {"error": str(e), "organic_results": []}

The API key is placed in request parameters, and raw request exceptions are printed and returned without redaction.

User impact: Some HTTP errors include the request URL or parameters (for example, the message of a requests HTTPError raised by raise_for_status ends with "for url: ..."), so the user's API key may be surfaced to logs or agent-visible error output.
Recommendation: Redact api_key from any exception text before printing or returning it, and return generic error messages for failed API calls.
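The two SKILL.md and script findings above (printing SERP_API_KEY while troubleshooting, and printing or returning raw request exceptions) call for the same small set of helpers. The following is an added example, not the skill's code: `describe_key` is the masked presence check the recommendation asks for; `redact` removes a known secret value and any api_key-style query parameter from text; `safe_search` keeps the skill's `"api_key": self.api_key` parameter placement and its `{"error": ..., "organic_results": []}` return shape but logs only redacted detail and returns a generic message. The `fetch` callable, the `secret_demo` key (a constructed 64-character placeholder) and the simulated error message are assumptions so the example runs offline.

```python
import os
import re
import sys
from typing import Callable, Iterable

# Query-parameter names that must never appear in printed or returned text.
_SECRET_PARAM_RE = re.compile(r"(?i)\b(api_key|apikey|key|token)=([^&\s'\"]+)")


def describe_key(var: str = "SERP_API_KEY") -> str:
    """Masked presence check to replace print(os.getenv('SERP_API_KEY')) in troubleshooting."""
    value = os.environ.get(var)
    if not value:
        return f"{var}: not set"
    if len(value) < 12:
        return f"{var}: set ({len(value)} chars, suspiciously short)"
    return f"{var}: set ({len(value)} chars, {value[:4]}...{value[-4:]})"


def redact(text: str, secrets: Iterable[str] = ()) -> str:
    """Strip known secret values and any api_key-style query parameter from text,
    e.g. from a requests error message that embeds the request URL."""
    for secret in secrets:
        if secret:  # an empty secret would otherwise be 'replaced' between every character
            text = text.replace(secret, "[REDACTED]")
    return _SECRET_PARAM_RE.sub(r"\1=[REDACTED]", text)


def safe_search(params: dict, api_key: str, fetch: Callable[[dict], dict]) -> dict:
    """Run a SerpAPI-style query via `fetch` (injected so it can be simulated offline).
    On failure: log a redacted message to stderr and return a generic error to the agent."""
    try:
        return fetch({**params, "api_key": api_key})
    except Exception as e:  # deliberately broad: any exception text may carry the URL
        detail = redact(f"{type(e).__name__}: {e}", [api_key])
        print(f"Error searching Google Scholar: {detail}", file=sys.stderr)
        return {"error": f"search failed ({type(e).__name__})", "organic_results": []}


def secret_demo() -> dict:
    """Offline walk-through with a constructed key and a simulated failing request."""
    key = "0430" + "a1b2c3d4" * 7 + "f53a"  # constructed 64-char placeholder, not a real key
    os.environ["SERP_API_KEY"] = key

    def failing_fetch(p: dict) -> dict:
        # Constructed failure: mimics an HTTP error whose message carries the full request URL.
        raise RuntimeError("500 Server Error for url: https://serpapi.com/search"
                           f"?engine={p['engine']}&q={p['q']}&api_key={p['api_key']}")

    result = safe_search({"engine": "google_scholar", "q": "zero-knowledge"}, key, failing_fetch)
    return {
        "masked": describe_key(),
        "result": result,
        "key_in_result": key in str(result),
        "redacted_url": redact(f"https://serpapi.com/search?q=x&api_key={key}&num=10"),
    }
```

Passing the key itself to `redact` as a known secret is the important half: the regex only catches URL-style parameters, while the literal replacement also covers the key appearing in a JSON body, a header dump or a traceback.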