ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Academic Writing Custom

v1.0.0

Provide expert academic writing support for scholarly papers, literature reviews, research methods, and thesis work following strict academic standards and c...

0· 13·0 current·0 all-time
by@wangzhi-collab·fork of @teamolab/academic-writing (1.0.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md content is coherent with an academic-writing assistant: formatting, citation, source restrictions, and quality checks are appropriate. However, the published registry metadata (name/slug/owner) does not match the skill files: the top-level name is "Academic Writing Custom" / slug academic-writing-custom, while SKILL.md and _meta.json use "academic-writing" and the ownerId differs. This mismatch is a packaging/provenance inconsistency that should be resolved.
Instruction Scope
Runtime instructions stay inside the stated domain: they focus on writing, citation formats, source restrictions, tables/diagrams, and QA checks. The skill does not instruct reading arbitrary system files, environment variables, or exfiltrating data. It does require verifying that citations link to legitimate academic sources, which implicitly assumes the agent can access those sources.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes installation risk because nothing is downloaded or executed on disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths, which is proportional for a writing assistant. Note: SKILL.md asks to verify external academic sources but does not declare network or credential requirements (network may be available by default on the agent platform).
Persistence & Privilege
always:false and user-invocable:true — the skill does not request permanent/system-wide presence or elevated privileges. It does not attempt to modify other skills or agent-wide configs.
What to consider before installing
This skill appears to be a legitimate academic-writing instruction set, but there are packaging/provenance inconsistencies you should resolve before installing or relying on it: 1) Confirm the skill owner and slug (the registry metadata and the included _meta.json/SKILL.md disagree). Prefer skills with a homepage or known publisher. 2) Test the skill in a safe environment: ask for a short sample (e.g., a 1-paragraph literature summary) and verify that cited references actually exist and links resolve. Despite the skill's rule 'never fabricate citations', LLMs can still hallucinate references—manually spot-check every citation. 3) If you need guarantees about source access (e.g., paywalled databases), clarify whether the agent environment has network access or credentials. 4) If provenance remains unclear or the owner is unknown, avoid installing in sensitive contexts. If you want, provide the registry/owner information and I can suggest concrete checks to validate the skill's origin and behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk974jcmhh5cbeersfncqaezm8584pdj9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments