Skillv0.1.0

ClawScan security

Call Academic Search Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 15, 2026, 7:28 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: Instruction-only skill that gives the agent rules for performing academic searches; it requests no credentials, installs, or system access and its requirements are consistent with its stated purpose.
Guidance: This is an instruction-only research helper and appears internally consistent. Before installing: (1) confirm your agent has the scholarly/search tools (e.g., google_scholar_search) the skill expects and review their permissions; (2) be aware the skill instructs the agent to unquestioningly trust external tool results—if you require source verification or cross-checking, add explicit instructions to do so; (3) note the hard word‑count and quoting rules (may affect how results are summarized and could require attention for copyright or citation practices). Because it requests no credentials and installs nothing, the security risk is low, but review how your agent will access and present external sources.

Purpose & Capability: okThe name and description match the SKILL.md: both describe an academic search/research helper. There are no requested env vars, binaries, or config paths that would be unrelated to academic searching.
Instruction Scope: noteThe SKILL.md contains detailed runtime rules for how the agent must conduct research (e.g., prioritize user input, trust external tool results, word-count limits, quoting policy). These instructions stay within the domain of research behavior and do not ask the agent to read local files or exfiltrate environment variables. Note: the document instructs the agent to unconditionally trust real‑time tool results (e.g., Google Scholar) which can cause the agent to accept and propagate incorrect or malicious external content without additional validation—this is a behavioral risk but not a system-access risk.
Install Mechanism: okNo install spec and no code files — instruction-only skill. Nothing will be downloaded or written to disk by the skill itself.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. It does not request access to unrelated services or secrets.
Persistence & Privilege: okalways is false and the skill does not request permanent presence or elevated privileges. It does not modify other skills or system-wide settings.