
Security audit

百度学术助手 (Baidu Scholar Helper)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: search academic sources, download PDFs, and save them locally for research use.

Install only if you are comfortable with the skill making academic-site network requests, running poppler PDF utilities, and saving remote PDFs under Desktop paper folders automatically. For sensitive environments, pin current patched dependency versions and consider running searches in a contained workspace to avoid unwanted files on the main Desktop.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough to activate on ordinary research-related requests, which can cause the agent to perform network access and file writes without sufficiently explicit user intent. In this skill, activation leads to scraping/searching and automatic PDF downloads, so over-triggering increases the chance of unintended external requests and local file creation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script automatically downloads remote PDFs from arXiv and writes them to a hard-coded Desktop folder during normal execution, without an explicit opt-in or confirmation step. This creates an unsafe side effect for a search utility: it can unexpectedly consume disk space, place untrusted files on the host, and cause the agent to modify the user environment simply by running a query.

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Python dependencies
requests>=2.28.0
beautifulsoup4>=4.11.0
Pillow>=9.0.0
Confidence
95% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Python dependencies
requests>=2.28.0
beautifulsoup4>=4.11.0
Pillow>=9.0.0
Confidence
95% confidence
Finding
beautifulsoup4>=4.11.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
# Python dependencies
requests>=2.28.0
beautifulsoup4>=4.11.0
Pillow>=9.0.0
Confidence
98% confidence
Finding
Pillow>=9.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
96% confidence
Finding
Pillow

VirusTotal

67/67 vendors flagged this skill as clean.
