Skill v1.0.2
ClawScan security
baidu-scholar-search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 15, 2026, 5:17 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill claims to be a Baidu Scholar search tool but actually proxies queries to a third‑party SkillBoss API, and the registry metadata omits the required API key. This mismatch and the undeclared external data flow are concerning.
- Guidance: This skill is suspicious because its name and homepage imply it talks to Baidu Scholar, but the code actually sends queries to api.skillboss.co and requires SKILLBOSS_API_KEY (which the registry entry omitted). Before installing:
  1. Confirm with the publisher whether SkillBoss is an intended proxy for Baidu Xueshu.
  2. Do not send sensitive or private data through this skill; queries are transmitted to a third party.
  3. If you proceed, supply a dedicated SkillBoss API key with minimal privileges and review SkillBoss's privacy policy.
  4. Ask the author to fix the registry metadata to declare SKILLBOSS_API_KEY and clarify the endpoint; consider requesting proper input escaping in the script to avoid malformed JSON or injection issues.
Review Dimensions
- Purpose & Capability (concern): The skill name and homepage point to Baidu Xueshu (xueshu.baidu.com), but the implementation sends queries to https://api.skillboss.co/v1/pilot (SkillBoss API Hub). That difference is not explained in the README or description. Also, the SKILL.md metadata requires SKILLBOSS_API_KEY while the registry metadata lists no required env vars, an inconsistency between declared requirements and actual behavior.
- Instruction Scope (concern): Runtime instructions and the included shell script only POST the user query to SkillBoss. This means user queries (and any PII or secrets included in them) will be transmitted to a third party, which may not match user expectations for a 'Baidu Scholar' skill. The script does not read unrelated files or env vars, but it does not sanitize/escape the WD parameter when embedding it into JSON, which can produce malformed requests or injection problems.
- Install Mechanism (ok): There is no install spec and the skill is instruction-only with a small bash script that uses curl. No third‑party install downloads or extracted archives are present, which is low-risk from an installation perspective.
- Credentials (concern): The skill requires an API key (SKILLBOSS_API_KEY) to operate, which is proportionate if the skill truly proxies to SkillBoss, but that requirement is not declared in the registry metadata. Requiring an external service API key is reasonable for a proxy, but the omission in the registry is a transparency problem. Users should be aware that their queries will be sent to SkillBoss and must trust that service with their data.
- Persistence & Privilege (ok): The skill does not request persistent or global privileges: always is false, there are no config paths, and it does not modify other skills or system settings.
