Google Scholar Search
Security checks across malware telemetry and agentic risk
Overview
The skill appears to do the disclosed academic-paper search, with the main notice being that search terms are sent to Semantic Scholar.
This skill looks appropriate for academic literature search and does not request credentials or modify local files. Before installing, be comfortable with your search terms being sent to Semantic Scholar, and treat any returned PDF links as third-party links you choose whether to open.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Research topics or paper IDs you search for may be visible to Semantic Scholar as part of normal API use.
The user-provided search query is sent to the Semantic Scholar API. This is expected for the skill's purpose and the endpoint is disclosed, but it is still an external data flow.
BASE_URL = "https://api.semanticscholar.org/graph/v1" ... params = { "query": query, "limit": min(limit, 100), "fields": fields }Use the skill only for queries you are comfortable sending to Semantic Scholar; avoid sensitive unpublished research topics if that matters to you.