Literature Reviewer Skill
Security checks across malware telemetry and agentic risk
Overview
The skill’s literature-review purpose is coherent, but it should be reviewed before use because it can use and persist browser login sessions and its isolation claims are not fully supported by the supplied files.
Install only if you are comfortable with browser automation using logged-in academic sessions. Prefer a separate browser profile or isolated container, verify the Docker/network controls yourself, clear persisted browser-data volumes after use, and review any GitHub install/update source before trusting it.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may act through already logged-in academic or institutional accounts while searching or downloading literature.
The skill explicitly expects access to browser cookies and login state, but the registry declares no primary credential and the artifacts do not clearly bound which browser profile or sessions are used.
"It will access the user's browser cookies and login state"
Use a separate browser profile or isolated container account, avoid sensitive personal sessions, and require explicit approval before authenticated browsing or downloads.
Logged-in browser sessions could remain available after the literature-review task finishes.
The Docker configuration persists browser data specifically for login state, but the artifacts do not show cleanup, retention limits, or an opt-in switch despite the comment saying optional.
# Browser data (optional, used to persist login state)
- browser-data:/home/researcher/.cache/ms-playwright
Make persisted browser state explicitly opt-in, document how to clear the volume, and prefer short-lived profiles for each review session.
Users may overestimate the protection provided by Docker and run authenticated browser automation with less caution.
The README claims Docker restricts network access to declared domains, but the supplied Docker Compose artifact only shows a bridge network and does not demonstrate domain allowlist enforcement.
Docker advantages: - ✅ Network isolation; can only access the declared domains
Do not rely on the stated domain restriction unless you add enforceable egress controls; update the documentation to match the actual Docker configuration.
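Example, added here and not taken from the reviewed skill's own compose file: the bridge network the artifact shows (top) beside a configuration that actually enforces an egress allowlist (bottom). The service names, the squid image, the proxy port and the allowed domains are assumptions and placeholders; the domains must be replaced with the list the skill's metadata declares.

```yaml
# Added example, not the skill's compose file. Service names, the proxy image
# and the allowlisted domains are assumptions / placeholders.
services:
  # --- As reviewed: a default bridge network. This separates containers from
  # each other but leaves the container free to reach any host on the internet,
  # so it does not implement the "only declared domains" claim.
  literature-skill-unrestricted:
    build: .
    networks: [default]

  # --- Hardened: the skill container sits on an internal-only network and can
  # reach the outside solely through a forward proxy that allowlists domains.
  literature-skill:
    build: .
    environment:
      HTTP_PROXY: http://egress-proxy:3128
      HTTPS_PROXY: http://egress-proxy:3128
      # Chromium under Playwright must also be launched with the proxy
      # (its `proxy` launch option); the env vars alone are not sufficient.
    volumes:
      - browser-data:/home/researcher/.cache/ms-playwright
    networks: [egress-only]

  egress-proxy:
    image: ubuntu/squid          # assumption: any forward proxy with domain ACLs works
    volumes:
      - ./squid.conf:/etc/squid/squid.conf:ro
    networks: [egress-only, default]   # the only service with a route outside

networks:
  default:
    driver: bridge
  egress-only:
    driver: bridge
    internal: true               # no external connectivity from this network

volumes:
  browser-data:                  # persisted login state; drop it after each
                                 # session with `docker compose down -v`

# ./squid.conf (placeholder domains; replace with the skill's declared list):
#   http_port 3128
#   acl allowed_sites dstdomain .example-database.org .example-publisher.com
#   http_access allow allowed_sites
#   http_access deny all
```

Verify the control from inside the running skill container by requesting a domain that is not on the list; the proxy should answer with a denial rather than the page.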
The agent can interact with academic websites on the user’s behalf and extract page data.
The skill uses browser automation, form filling, page evaluation, and extraction. This is central to the literature-search purpose, but these are broad browser-control capabilities.
Use tools such as `browser_navigate` and `browser_fill_form` to access database web pages... Extraction example (using browser_evaluate)
Supervise authenticated sessions, pause for CAPTCHAs or paywalls, and confirm downloads or account-affecting actions.
Future installs or updates could differ from the reviewed package.
The documented installation path clones a live GitHub repository and enables update checks. This is disclosed and user-directed, but it is not pinned to a reviewed commit in the supplied artifacts.
installation:
  method: git_clone
  url: https://github.com/stephenlzc/AI-Powered-Literature-Review-Skills.git
  ...
updates:
  auto_check: true
Install from a reviewed tag or commit hash and disable or review automatic update checks in sensitive environments.
Your research topic and collected literature data remain on disk and may be reused by later workflow steps.
The workflow persistently stores the research topic, retrieved paper metadata, analyses, and outputs in session directories.
sessions/{YYYYMMDD}_{topic_short}/
├── metadata.json
├── papers_raw.json
├── papers_analysis.json
└── output/
Store sessions in a trusted project directory, remove old sessions when finished, and avoid using sensitive unpublished research topics unless you are comfortable with local persistence.
