swiftscholar-skill

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: swiftscholar-skill
Version: 1.0.0

The OpenClaw AgentSkills skill bundle for 'swiftscholar-skill' is benign. The `SKILL.md` provides clear, well-structured instructions for an AI agent to interact with the SwiftScholar HTTP API at `https://www.swiftscholar.net` for academic paper management. It explicitly instructs the agent not to expose the `SWIFTSCHOLAR_API_KEY` in natural language responses, which is a positive security measure. There is no evidence of prompt injection attempts, unauthorized data exfiltration beyond the stated API interaction, malicious command execution, or persistence mechanisms. All files consistently describe the intended functionality without any hidden or harmful directives.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used casually, the agent could consume SwiftScholar quota, submit documents for parsing, or change saved favorites when the user intended only to search or read.

Why it was flagged

The skill documents API actions that can upload papers and change account favorites. These actions are aligned with the stated purpose, but they are externally visible account operations.

Skill content

submit paper URLs / PDFs for parsing ... manage / inspect favorites and favorite folders

Recommendation

Use clear instructions for submissions, force re-parsing, and favorites changes; ask the agent to confirm before uploading documents or changing saved account data.

What this means

The agent can act through the configured SwiftScholar API key for supported operations such as searching, submitting papers, inspecting usage, and managing favorites.

Why it was flagged

The skill uses an account-bound bearer token to access SwiftScholar endpoints. This is expected for the integration, but it gives the agent delegated access to the user's SwiftScholar account.

Skill content

Header: `Authorization: Bearer <SWIFTSCHOLAR_API_KEY>`

Recommendation

Store the API key only in the intended execution environment, avoid pasting it into chat, and use the least-privileged or revocable key available.

What this means

PDFs, URLs, and related notes submitted through the skill may leave the local environment and be processed or stored by SwiftScholar.

Why it was flagged

The skill sends paper URLs or PDF content to the external SwiftScholar service. This data flow is disclosed and purpose-aligned, but paper files may contain sensitive or unpublished information.

Skill content

Base URL: `https://www.swiftscholar.net` ... `pdfUrl: string` OR `pdfBase64: string` ... `file: binary`

Recommendation

Only submit papers you are comfortable sending to SwiftScholar, and review SwiftScholar's privacy and retention practices for confidential, copyrighted, or unpublished material.