Nature Paper Hub
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears purpose-aligned for academic writing, but it uses disclosed external literature/search services and manual/global installation steps that users should understand.
This looks suitable for manuscript-writing assistance if you are comfortable with external literature searches. Do not paste confidential unpublished details into search queries, verify all citations and journal rules, and prefer project-level or virtual-environment installation to limit long-term environment changes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Research queries, and possibly unpublished topic details if included in the query, may be sent to external services.
The skill discloses use of an external literature API and web search during literature review, which may send research topics or keywords outside the local agent.
Use the LitReview system at https://ybliterature.com/api/search?q=<query> ... Also use web_search
Avoid putting confidential unpublished details into search queries unless you are comfortable sharing them with the external services used.
The assistant may rely on stored or retrieved paper metadata that could be incomplete, stale, or inaccurate.
The skill includes a stored literature index used as retrieval context; it is described as public metadata, but retrieved context can still influence manuscript and citation suggestions.
"description": "Curated literature index for nature-paper-hub. Public metadata only (titles, journals, years, abstracts). No personal annotations or credentials."
Verify all citations, abstracts, journal rules, and manuscript claims against primary sources before submission.
If installed globally, the skill remains available beyond the current project and may be invoked in future sessions.
The README documents a global user-level installation option that persists the skill/subagents across projects.
Install as user-level subagents (available in all projects) ... cp nature-paper-hub/SKILL.md ~/.claude/agents/nature-paper-hub.md
Use project-level installation if you only want the skill available for one workspace, and remove the copied files when no longer needed.
Installing dependencies this way could affect other Python tools on the machine.
A dependency-install hint recommends using --break-system-packages, which can modify a system-managed Python environment if the user follows it.
Run: pip3 install pandas matplotlib seaborn openpyxl -q --break-system-packages
Install dependencies in a virtual environment instead of using --break-system-packages unless you understand the impact.