Back to skill
Skillv1.0.0
VirusTotal security
Academic Citation Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:50 AM
- Hash
- 42dea80238a806dd4ed658bf1aaeb9ba21ed886e9fe8d69890a9f1451657fa8d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: academic-citation-manager Version: 1.0.0 The skill appears to be a legitimate academic citation management tool, integrating with public APIs (Crossref, OpenLibrary) and handling various citation formats. However, the Python scripts `academic_citation_skill.py` and `batch_import.py` are vulnerable to path traversal. User-supplied file paths for operations like `--output`, `--input`, `--report`, `--export-json`, `--import-json`, `--export-bibtex`, and `--import-bibtex` are used directly with `open()` without sanitization. This allows an attacker to read from or write to arbitrary file system locations (e.g., `python academic_citation_skill.py --export-json ../../secrets.json`), which is a significant vulnerability, classifying the skill as suspicious rather than benign.
- External report
- View on VirusTotal