v1.0.0

paper-reader (XuRuitian version)

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:38 AM.

Analysis

The skill is mostly a local paper-analysis tool, but it permits Tavily web searches despite claiming no network requests, so private paper details could be shared externally without clear consent.

Guidance

Before installing, decide whether you are comfortable with local Python/Node scripts, unpinned package installs, Desktop report creation, and a retained latest_analysis.json file. For confidential or unpublished papers, require a local-only workflow or explicit approval before any Tavily/web search, and delete temporary analysis files when finished.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
README.md
"No network requests, no dangerous command execution"

This local-only safety claim conflicts with the reference prompt's instruction that Tavily or supplemental search may be used, creating a misleading privacy expectation for users.

User impact: A user may install or use the skill believing analysis stays fully local when the skill instructions can lead the agent to perform web searches.
Recommendation: Remove or qualify the no-network claim, document the optional search behavior, and make a local-only mode the default for private documents.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
python <skill_path>/scripts/extract_text.py <file_path> [-o <输出文件路径>] ... node <skill_path>/scripts/generate_report.js --data <skill_path>/data/latest_analysis.json

The skill instructs the agent to run local Python and Node scripts against document paths and generated data files; this is central to the stated purpose but still gives the skill local read/write capability.

User impact: The skill can read the document path given to it and create output files, so it should only be used with files the user intends to analyze.
Recommendation: Keep file inputs user-selected, confirm output paths for sensitive work, and avoid pointing the extraction script at unrelated local files.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
README.md
pip install PyMuPDF pdfplumber python-docx openpyxl xlrd python-pptx ... npm install -g docx

The README requires external Python packages and a global npm package without pinned versions; these dependencies are expected for document extraction/report generation but add normal supply-chain exposure.

User impact: Installing unpinned global packages can pull newer or unexpected versions from package registries.
Recommendation: Install dependencies in a virtual environment, pin versions where possible, and use trusted package registries.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: Medium | Status: Concern
references/academic_prompt.md
"Tavily search may be used to supplement the latest research ... when necessary, supplement with searches on research progress in related cross-disciplinary fields"

The skill's analysis template permits use of an external search provider/tool during paper analysis, but it does not specify user approval, query redaction, provider boundaries, or whether uploaded-paper details may be included.

User impact: If the uploaded paper is private or unpublished, titles, abstracts, keywords, or other paper-derived details could be sent to an external search service.
Recommendation: Disclose Tavily/web-search use clearly, require explicit user consent before searching, and restrict queries to non-sensitive, user-approved terms.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
SKILL.md
"First write the analysis content to a JSON file (saved to `<skill_path>/data/latest_analysis.json`)"

The skill persists the generated analysis to a local JSON file; this is useful for Word generation but can retain sensitive paper metadata, summaries, and analysis after the session.

User impact: A local copy of the paper analysis may remain in the skill directory and could be read later by someone with access to the machine.
Recommendation: Delete latest_analysis.json and generated reports after use when handling confidential papers.