Back to skill
Skillv1.0.0
VirusTotal security
Scholar Search Skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:58 AM
- Hash
- 4773aaf7aefec33dcbaef74a0c689d0e0628e2089af0da85b4ad95a7e88f7ef3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: scholar-search-skills Version: 1.0.0 The skill bundle is designed for academic paper search and download, performing file system operations (creating directories, downloading PDFs via `wget`, reading/writing CSV/JSON files) and network calls (arXiv, Google Scholar). It also installs another OpenClaw skill (`docling`) using `npx skills add`. While these capabilities are necessary for its stated purpose, they introduce inherent risks such as potential arbitrary file overwrite/read (via `wget` output path or `scripts/score_papers.py` input/output paths) and supply chain risk from installing external skills. There is no clear evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or explicit prompt injection attempts to subvert the agent's core function, but the broad file and network access, combined with user-controlled paths, makes it suspicious rather than benign due to potential vulnerabilities.
- External report
- View on VirusTotal