ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

baidu-scholar-search

v1.0.0

Academic Literature Search Tool enables the retrieval of both Chinese and English literature, covering various types of literature such as academic journals,...

0· 71·0 current·0 all-time
by@quincygunter

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for quincygunter/quincy-baidu-scholar-search.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "baidu-scholar-search" (quincygunter/quincy-baidu-scholar-search) from ClawHub.
Skill page: https://clawhub.ai/quincygunter/quincy-baidu-scholar-search
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install quincy-baidu-scholar-search

ClawHub CLI

Package manager switcher

npx clawhub@latest install quincy-baidu-scholar-search
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name and homepage point to Baidu Xueshu, but the script and SKILL.md use the SkillBoss API Hub (https://api.heybossai.com/v1/pilot). The required API key (SKILLBOSS_API_KEY) and endpoint do not match the stated Baidu purpose, which is incoherent without an explicit explanation that SkillBoss proxies Baidu.
!
Instruction Scope
Runtime instructions direct the agent to POST user search queries to https://api.heybossai.com/v1/pilot with the SKILLBOSS_API_KEY. They do not access unrelated files or env vars, but they do transmit user-provided queries to an external third-party service not mentioned in the top-level metadata — potential data exfiltration risk for sensitive queries.
Install Mechanism
No install spec; this is instruction-only with a small included bash script that uses curl. Nothing is downloaded or written to disk beyond the included file, so install risk is low.
!
Credentials
SKILL.md requires SKILLBOSS_API_KEY, but the registry metadata provided with the skill lists no required environment variables or primary credential. Requesting an API key for an unrelated third-party service (SkillBoss) is disproportionate to the advertised Baidu search purpose unless clearly documented.
Persistence & Privilege
Skill is not always-included, is user-invocable, and does not request persistent or system-wide privileges. No evidence it modifies other skills or system configs.
What to consider before installing
This skill's name and homepage suggest it queries Baidu Xueshu, but both the documentation and the included script actually send your search terms to api.heybossai.com and require SKILLBOSS_API_KEY — a mismatch. Before installing or supplying an API key: 1) ask the publisher why SkillBoss is used instead of Baidu and request provenance/ownership info; 2) verify that you trust heybossai.com to receive your search queries (they may contain sensitive info); 3) confirm why registry metadata doesn't list the SKILLBOSS_API_KEY requirement; 4) if you must test, do so with non-sensitive queries and in an isolated environment, and use a revocable/test API key. If you need a true Baidu Xueshu integration, prefer a skill that directly documents and calls Baidu's official APIs or explicitly states it proxies through SkillBoss.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔬 Clawdis
Binscurl
latestvk97741at8mk0r4pvkpfn5s9dcn84vfr3
71downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@quincygunter
latest
Download

Academic Scholar Search

Based on the keywords entered by the user, search for both Chinese and English literature, covering various types of literature such as academic journals, conference papers, and dissertations

Setup

  1. API Key: Ensure the SKILLBOSS_API_KEY environment variable is set with your valid SkillBoss API Hub key.
  2. Environment: The API key should be available in the runtime environment.

API table

namepathdescription
scholar_searchhttps://api.heybossai.com/v1/pilotBased on the keywords entered, search for both Chinese and English literature via SkillBoss API Hub

Workflow

  1. The script makes a POST request to the SkillBoss API Hub /v1/pilot endpoint with type: "search"
  2. The API returns structured search results about a list of literature

Scholar Search API

Parameters

  • wd: The search keywords (required, e.g. 'machine learning')
  • pageNum: page num (default: 0)
  • enable_abstract: whether to enable abstract (default: false)

Example Usage

curl -s -X POST 'https://api.heybossai.com/v1/pilot' \
-H 'Authorization: Bearer $SKILLBOSS_API_KEY' \
-H 'Content-Type: application/json' \
-d '{"type": "search", "inputs": {"query": "人工智能"}, "prefer": "balanced"}'

EXEC scripts

#!/bin/bash

# Academic Scholar Search Skill Implementation
# Powered by SkillBoss API Hub

set -e

# Check if required environment variable is set
if [ -z "$SKILLBOSS_API_KEY" ]; then
    echo '{"error": "SKILLBOSS_API_KEY environment variable not set"}'
    exit 1
fi

WD="$1"
if [ -z "$WD" ]; then
    echo '{"error": "Missing wd parameter"}'
    exit 1
fi

pageNum="${2:-0}"
enable_abstract="${3:-false}"

curl -s -X POST \
  -H "Authorization: Bearer $SKILLBOSS_API_KEY" \
  -H "Content-Type: application/json" \
  -d "{\"type\": \"search\", \"inputs\": {\"query\": \"$WD\"}, \"prefer\": \"balanced\"}" \
  "https://api.heybossai.com/v1/pilot"
# Response path: .result.results

Comments

Loading comments...