ClawHub

Academic Search.Bak

Security checks across malware telemetry and agentic risk

Overview

This skill is a mostly declarative academic paper-search helper with expected external search use and no evidence of hidden, destructive, or credential-seeking behavior.

Reasonable to install for academic literature search. Be aware that your research topics may be sent to external search and academic database services, and consider tightening the trigger phrases if you want to avoid accidental activation on generic research or citation requests.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes very broad terms such as 'research', 'scholar', and 'cite', which are common in normal conversation and can cause the skill to activate outside the user's intended context. Unintended activation can route unrelated requests into this skill's workflow, leading to incorrect handling, interference with other skills, or misuse of external search capabilities.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation rule 'WHEN the user requests academic paper search, literature review, or research discovery' is open-ended and leaves substantial room for interpretation. Because terms like 'research' and 'discovery' are broad, the skill may activate for general informational queries that are not actually requests for academic literature retrieval, increasing the chance of misrouting and unintended behavior.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list contains very broad terms such as "research," "scholar," "cite," and "citation," which are likely to match many ordinary user requests outside the intended scope of academic paper discovery. This can cause the skill to activate too often, potentially hijacking unrelated prompts and routing users into external search or retrieval flows they did not intend to invoke.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
78% confidence
Finding
The trigger phrase 'find papers' begins with the generic verb 'find', which can overlap with built-in or platform-level find commands and create shadowing or dispatch ambiguity. In practice this can cause the wrong handler to receive user input, reduce predictability, and make it easier for ordinary commands to invoke this skill unintentionally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal