awesome-paper-skill Security Report — Low Risk | ClawSafe

10 /100

awesome-paper-skill

End-to-end pipeline for topic-driven literature research: collect papers from multiple sources, generate an Awesome-style README, and update/push to user GitHub repo.

Legitimate academic paper aggregation pipeline with no malicious behavior; all shell/network operations are documented, necessary, and use standard APIs and GitHub CLI tools.

Skill Nameawesome-paper-skill

Duration40.9s

Enginepi

✓

Safe to install

This skill can be used safely. The shell:WRITE permission is required for git/gh CLI operations which are fully documented in SKILL.md.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	build_awesome_readme.py reads JSON, writes README; fetch_papers.py writes JSON
Network	`READ`	`READ`	✓ Aligned	fetch_papers.py: HTTP GET to arXiv/Crossref/Semantic Scholar APIs (lines 16-26, …
Shell	`WRITE`	`WRITE`	✓ Aligned	publish_repo.py: subprocess.run() for git/gh commands (lines 18-40)
Environment	`NONE`	`NONE`	—	No os.environ access detected
Skill Invoke	`NONE`	`NONE`	—	No nested skill invocations
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

8 findings

🔗

Medium External URL 外部 URL

https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg

scripts/build_awesome_readme.py:9

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/

scripts/build_awesome_readme.py:28

🔗

Medium External URL 外部 URL

https://export.arxiv.org/api/query?search_query=all:

scripts/fetch_papers.py:20

🔗

Medium External URL 外部 URL

http://www.w3.org/2005/Atom

scripts/fetch_papers.py:25

🔗

Medium External URL 外部 URL

https://api.crossref.org/works?query=

scripts/fetch_papers.py:55

🔗

Medium External URL 外部 URL

https://doi.org/

scripts/fetch_papers.py:80

🔗

Medium External URL 外部 URL

https://api.semanticscholar.org/graph/v1/paper/search?query=

scripts/fetch_papers.py:101

🔗

Medium External URL 外部 URL

https://arxiv.org/abs/

scripts/fetch_papers.py:116

File Tree

5 files · 13.7 KB · 443 lines

Python 3f · 351L Markdown 1f · 87L JSON 1f · 5L

├─ ▾ 📁 scripts

│ ├─ 🐍 build_awesome_readme.py Python 117L · 3.6 KB

│ ├─ 🐍 fetch_papers.py Python 186L · 6.0 KB

│ └─ 🐍 publish_repo.py Python 48L · 1.8 KB

├─ 📋 _meta.json JSON 5L · 138 B

└─ 📝 SKILL.md Markdown 87L · 2.2 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`urllib`	`stdlib`	Python 3	No	Standard library only; no external dependencies

Security Positives

✓ All capabilities declared in SKILL.md match actual implementation

✓ No credential harvesting or exfiltration detected

✓ No obfuscation, base64 execution, or anti-analysis techniques

✓ Network requests target legitimate academic APIs (arXiv, Crossref, Semantic Scholar)

✓ Shell commands limited to documented git/gh CLI operations

✓ No sensitive file paths (~/.ssh, ~/.aws, .env) accessed

✓ No reverse shell, C2, or data theft mechanisms

✓ User-Agent header identifies tool properly (openclaw-awesome-research-tracker/1.0)

Scan Report

File Tree

Dependencies 1 items

Security Positives