Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ieee-reference-manager

v1.0.0

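End-to-end reference management assistant for IEEE Trans papers. Handles reference format validation, citation review, BibTeX entry repair, journal-name standardization, online DOI/metadata verification, Early Access handling, author-count compliance, duplicate-entry detection, and more. Triggered when the user asks to "check references", "fix citation format", "verify DOI", "organize the bib file", or "review references".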

by Linghaoz (@zlhad)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (IEEE Trans reference manager) match the actual instructions: parsing .bib/.tex, DOI checks, journal-name normalization, duplicate detection, and optional use of auxiliary scripts. The allowed tools (Read/Edit/Write/Bash/Glob/Grep/WebSearch/WebFetch/Agent) are appropriate for file scanning, local script invocation, and online DOI verification.
Instruction Scope
SKILL.md confines actions to bibliography-related tasks (locating .bib/.tex, parsing entries, cross-checking citations, and calling DOI resolvers). It explicitly requires showing Before/After and asking for confirmation before modifying files. Note: DOI/meta validation uses WebSearch/WebFetch which will send paper identifiers/titles to external services — this is expected for verification but is the main surface that could leak content externally if the user considers bibliographic contents sensitive.
Install Mechanism
Instruction-only skill with no install spec and no code files to write or download. This is lowest-risk from an installation perspective.
Credentials
The skill declares no required environment variables or credentials (appropriate). One minor mismatch: SKILL.md references running Python scripts (analyze_bib.py, nameTranslate.py) and shell commands (python analyze_bib.py), but the registry metadata lists no required binaries; the agent/platform must provide python/bash for script execution. No secrets or unrelated credentials are requested.
Persistence & Privilege
always:false and no install means the skill does not request permanent presence. The skill uses Read/Edit/Write tools and can modify files, but SKILL.md states it will show Before/After and requires user confirmation before changes. Be aware that autonomous invocation (default platform behavior) plus write access increases impact if misused — however this is a normal platform pattern and the skill documents confirmation behavior.
Assessment
This skill appears to do what it says: check and fix IEEE-style BibTeX references and validate DOIs. Before installing or running it, consider: (1) Make a backup or run it on a copy of your .bib/.tex files so accidental edits can be undone. (2) Ensure Python and a shell are available if you expect it to run auxiliary scripts (SKILL.md references python commands) — the skill doesn't declare these binaries. (3) DOI/metadata checks use web queries (WebSearch/WebFetch) — titles/DOIs will be sent to external resolvers; avoid running it on highly sensitive, private bibliographic data unless you're comfortable with that. (4) The skill claims it will show Before/After and ask confirmation before writing — verify this behavior on first use. If you need stronger guarantees, run the analysis-only path (no automatic edits) or inspect suggested changes before accepting them.

Like a lobster shell, security has layers — review code before you run it.

latestvk974nj8d37k13w23fd7c83cycn82prz7
