Skill v1.0.4

ClawScan security

Literature Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 2, 2026, 12:37 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and docs match its stated purpose (fetch papers, call an LLM, format and push reports), but the registry metadata fails to declare the required LLM API credential and there are a few operational risks (external network calls and sending titles/abstracts to a configurable LLM endpoint) that you should review before installing.
Guidance
Before installing: (1) Be aware this will send paper titles and abstracts to whatever LLM endpoint you configure — only use a trusted provider and review their data-retention/privacy terms. (2) The skill expects an LLM API Key in config.yaml (api.api_key) even though the registry metadata omitted that — do not paste keys into public repos. (3) Review and, if needed, change base_url to a known/approved endpoint; malicious endpoints could capture your data. (4) Feishu push is implemented as a placeholder that prints the message — if you expect real push behavior, review and implement the Feishu API call and handle tokens securely. (5) Run the code in an isolated environment (or sandbox/VM) and inspect config.yaml and scripts yourself; consider creating a provider account with limited quota or using a provider that supports private/deletion guarantees. (6) If you need the registry to be accurate, ask the publisher to update the metadata to declare the required credential (LLM API Key).

Review Dimensions

Purpose & Capability
note: The name/description (daily literature retrieval, AI filtering, bilingual summaries, Feishu push) align with the included scripts: RSS + PubMed fetching, AI filtering, summary generation, and Feishu push. However, the published registry metadata lists no required credentials/primary credential, while SKILL.md/package.json and the code clearly require an LLM API key (stored in config.yaml). This metadata mismatch is an incoherence that could mislead users or automation.
Instruction Scope
concern: Runtime instructions and scripts perform network operations: pulling RSS feeds, querying NCBI PubMed APIs, and sending paper titles/abstracts to the configured LLM endpoint (base_url + /chat/completions). The SKILL.md warns about this, but the code will transmit paper content to whichever base_url is configured. send_to_feishu is a placeholder that only prints by default (no real Feishu API call), but the scripts read/write config.yaml and data files. There is no instruction or code that reads unrelated local secrets or system config beyond the project's config.yaml, but sending abstracts to an external LLM is a potential data-exfiltration/privacy risk if the endpoint is untrusted.
Install Mechanism
ok: There is no platform install spec; installation is via the included install.sh, which runs pip installs for common PyPI packages (feedparser, requests, pyyaml, markdown, weasyprint). No downloads from obscure URLs or archive extraction are present. install.sh also copies the config template and runs the local verify_install.py. This is standard but will install packages from PyPI.
Credentials
concern: The code and SKILL.md require an LLM API key (api.api_key in config.yaml) and optionally a Feishu user ID. The registry metadata, however, declares 'Required env vars: none' and 'Primary credential: none', which contradicts the declared MUST credential in SKILL.md/package.json and the code. Aside from the LLM API key and optional Feishu ID, no other credentials are requested. Requiring an LLM API key is proportionate to the described functionality, but the metadata mismatch is misleading and should be corrected before installation.
Persistence & Privilege
ok: The skill does not request 'always:true' and does not modify other skills or system-wide configs. It creates/uses local project files (config.yaml, data/, logs/), which is expected. It will persist data (fetched papers and generated summaries) locally in the repository's data directory.