Skill v1.1.0

ClawScan security

百度学术助手 (Baidu Scholar Helper) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 16, 2026, 7:47 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and declared permissions are consistent with a paper-search-and-download helper: it scrapes Baidu Xueshu and arXiv, downloads PDFs to ~/Desktop/papers, extracts text/images with poppler tools, and summarizes content — no unexplained credential requests or hidden endpoints were found.
Guidance
This skill appears coherent with its stated purpose, but consider the following before installing:
1) It will download PDFs from the web into ~/Desktop/papers; check disk space and run in a directory you control (not as root).
2) It scrapes Baidu Xueshu and may trigger captchas or unexpected redirects; downloaded links can point to arbitrary hosts, so inspect downloads before opening.
3) The scripts call local tools (pdftotext/pdfimages); install poppler from your OS package manager to avoid third-party binaries.
4) Because SKILL.md advises performing all steps in one run, the agent may autonomously download multiple papers; run first in a sandbox or manually invoke scripts to verify behavior.
5) If you need stricter privacy/firmware policies, review the scripts yourself (they are included) before use.

Review Dimensions

Purpose & Capability
ok
Name/description (paper search, PDF download, summarization) align with the included scripts and declared dependencies (requests, BeautifulSoup, poppler). The required file-write/network permissions and the use of pdftotext/pdfimages are proportional to extracting PDFs and figures for the model.
Instruction Scope
note
Runtime instructions and scripts perform web requests to Baidu Xueshu, arXiv, and Semantic Scholar, parse pages, and download PDFs into ~/Desktop/papers. They also run local external tools (pdftotext/pdfimages) on downloaded PDFs. These actions are consistent with the stated purpose, but the SKILL.md's '一次性完成所有操作,不要分步骤' (perform all steps at once, not step by step) gives the agent broad discretion to download many files in one run; users should be aware of the network, captcha, and disk impact.
Install Mechanism
ok
No remote arbitrary binary downloads. Dependencies are standard Python packages (pip) and an OS package manager installation of poppler-utils (pdfimages/pdftotext). This is a common, low-risk install pattern.
Credentials
ok
The skill requests no environment variables and no credentials, and declares only network and file-write permissions. There are no requests for unrelated secrets or system config paths. Network calls go to the expected services (xueshu.baidu.com, arxiv.org, the Semantic Scholar API).
Persistence & Privilege
ok
The manifest's always field is false, and there is no code that modifies other skills or the system agent configuration. The skill writes files only under ~/Desktop/papers and uses /tmp for temporary work, as declared.