ClawHub

Semantic Scholar Library Feed

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is purpose-aligned, but it saves live Semantic Scholar session cookies in plaintext and can crawl or change private library data without strong confirmation safeguards.

Install only if you are comfortable giving the skill reusable access to your Semantic Scholar session and private library/feed data. Treat the copied curl command and saved cookie files like passwords, restrict their file permissions, delete them when finished, and require explicit review before running feed crawls or folder-add operations.

SkillSpector (8)

By NVIDIA

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the user to export an authenticated browser request as curl and import cookies into a local store, but it does not clearly warn that this material is equivalent to active session credentials. Because the stored sid and s2 cookies grant access to private Library and Feed data, mishandling, overbroad storage, or accidental disclosure could let another process or user impersonate the account.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs users to copy authenticated browser requests and save reusable session cookies/header material to stable disk paths, which materially increases the chance of credential leakage, session hijacking, or unintended reuse by other tools or users on the same system. Although it briefly says the copied curl is sensitive, it does not provide clear operational safeguards such as restrictive file permissions, redaction guidance, expiration/deletion steps, or warnings that these artifacts effectively grant account access.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The workflow explicitly supports inspecting private Library folders and adding papers to them, but it provides no safety gating such as user confirmation, explicit authorization checks, or warning that the action modifies private user data. In an agent context, this can lead to unintended writes to a user's private library from ambiguous or indirectly supplied instructions, making the omission security-relevant rather than merely a documentation issue.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code stores the full imported Cookie header on disk via bundle["cookieHeader"] = raw_header and save_cookie_bundle(...) without any inline warning, minimization, or opt-in at the write site. Because these cookies appear to authenticate a user's Semantic Scholar account, local disclosure of the saved file would enable account-scoped access to private library/feed data and possibly state-changing actions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This command fetches a private page using the loaded cookie bundle, which means account authentication data is transmitted to Semantic Scholar and private SSR content is retrieved, but the code provides no explicit disclosure or confirmation at the action point. In an agent-skill context, hidden authenticated network access is security-relevant because users may not realize private account data is being accessed and potentially exposed in stdout or output files.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The feed crawler repeatedly calls authenticated private APIs, accumulates private recommendation/library-derived data across many windows, and may persist the full crawl state to disk. That combination increases exposure: a single command can silently exfiltrate a large amount of account-scoped data into local files or downstream consumers without an explicit warning about scope, volume, or sensitivity.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The folder-add command performs an authenticated POST that changes the user's Semantic Scholar library by adding papers to folders, yet there is no confirmation step beyond an optional dry-run mode. In an agent setting, silent state-changing actions against a private account are dangerous because a prompt injection or mistaken invocation could alter user data without the user's informed approval.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This code persists a full authenticated Semantic Scholar cookie bundle and also writes the raw Cookie header to disk in plaintext. Because these cookies likely represent an active logged-in browser session for private library/feed access, local compromise, weak filesystem permissions, backups, logs, or accidental sharing of the files could allow session hijacking and unauthorized access to the user's private Semantic Scholar account data.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal