Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Academic Paper Refinement

v7.5.0

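An academic paper refinement skill with an integrated multi-reviewer system. It covers the full revision workflow for an academic paper from first draft to final draft, including multi-round review, consolidation of review comments, structural optimization, and language polishing.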

by Yu Yaoshen (@yuyaoshen)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Skill name and description match the expected actions (format checks, multi-round review, humanizer). However the SKILL.md lists specific local binaries and sibling skills (e.g., /usr/local/bin/EvoScientist, /usr/local/bin/researchclaw, skills/AI-Research-SKILLs/, skills/peer-reviewer/) while the registry metadata declared no required binaries or env vars — this metadata/instruction mismatch is unexplained and makes it unclear whether the agent will actually have the tools it expects.
Instruction Scope
Runtime instructions tell the agent to execute external binaries, load and run other local skills, produce and modify many output files, and run tools with flags like --auto-approve. Step 10 (Humanizer) explicitly aims to 'lower AI traces' (ethical concern). The SKILL enforces a rigid 12-step sequence and mandates auto-generation of multiple artifacts, giving the skill broad discretion to read/write files and run other code; this scope is larger and more intrusive than an ordinary formatting/language tool and is not constrained by metadata (no install or prereqs listed).
Install Mechanism
There is no install spec (instruction-only), and a small, readable helper script (pdf_integrity_check.sh) is included. Not having an install step is lower risk, but also means SKILL.md assumes existing local tools without declaring them in metadata — a usability/security ambiguity. No network downloads or archive extraction are present in the package.
Credentials
The skill does not request environment variables, credentials, or config paths. SKILL.md does not reference secrets or cloud credentials. The lack of requested secrets is proportionate to the declared purpose.
Persistence & Privilege
Skill does not declare always:true and is user-invocable; it therefore won't be force-included. However, instructions run local binaries and other skills (including node dist/index.js and tools invoked with --auto-approve) which may modify files autonomously. That level of local write/modify privilege is normal for a refinement tool but should be treated cautiously because the SKILL.md advocates automatic approvals and mandatory file outputs.
What to consider before installing
What to check before installing/using this skill:

- Metadata mismatch: The registry says no required binaries, but SKILL.md expects several local programs and sibling skills (EvoScientist, researchclaw, AI-Research-SKILLs, peer-reviewer). Confirm those tools exist and come from trusted sources before running the skill.
- Review the external tools: EvoScientist and researchclaw are invoked with arguments (including --auto-approve). Understand exactly what those tools do (especially auto-apply edits) and inspect their code/binaries if possible.
- Inspect sibling skills: The SKILL loads and runs other skills (node dist/index.js and loading SKILL.md). Those could execute arbitrary code; review their contents or run in an isolated environment.
- Backup your files: The skill enforces a strict multi-step process that writes and rewrites many files. Work on a copy or inside a sandbox so accidental/automatic changes don't overwrite originals.
- Consider removing or disabling automatic approvals: If possible, run without --auto-approve or require manual confirmation before edits are applied.
- Watch for network access & ethics: Steps include searching journal papers and a Humanizer to reduce AI-detection traces — be mindful of scraping terms of service, copyright, and ethical considerations of trying to defeat detection systems.

If you cannot verify the provenance of the required binaries/skills, run the skill only in a secure sandbox or decline installation.
