awesome-paper-skill 安全扫描报告 — 低风险 | ClawSafe

10 /100

awesome-paper-skill

End-to-end pipeline for topic-driven literature research: collect papers from multiple sources, generate an Awesome-style README, and update/push to user GitHub repo.

Legitimate academic paper aggregation pipeline with no malicious behavior; all shell/network operations are documented, necessary, and use standard APIs and GitHub CLI tools.

技能名称awesome-paper-skill

分析耗时40.9s

引擎pi

✓

可以安装

This skill can be used safely. The shell:WRITE permission is required for git/gh CLI operations which are fully documented in SKILL.md.

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	build_awesome_readme.py reads JSON, writes README; fetch_papers.py writes JSON
网络访问	`READ`	`READ`	✓ 一致	fetch_papers.py: HTTP GET to arXiv/Crossref/Semantic Scholar APIs (lines 16-26, …
命令执行	`WRITE`	`WRITE`	✓ 一致	publish_repo.py: subprocess.run() for git/gh commands (lines 18-40)
环境变量	`NONE`	`NONE`	—	No os.environ access detected
技能调用	`NONE`	`NONE`	—	No nested skill invocations
剪贴板	`NONE`	`NONE`	—	No clipboard access
浏览器	`NONE`	`NONE`	—	No browser automation
数据库	`NONE`	`NONE`	—	No database access

8 项发现

🔗

中危外部 URL 外部 URL

https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg

scripts/build_awesome_readme.py:9

🔗

中危外部 URL 外部 URL

https://img.shields.io/badge/

scripts/build_awesome_readme.py:28

🔗

中危外部 URL 外部 URL

https://export.arxiv.org/api/query?search_query=all:

scripts/fetch_papers.py:20

🔗

中危外部 URL 外部 URL

http://www.w3.org/2005/Atom

scripts/fetch_papers.py:25

🔗

中危外部 URL 外部 URL

https://api.crossref.org/works?query=

scripts/fetch_papers.py:55

🔗

中危外部 URL 外部 URL

https://doi.org/

scripts/fetch_papers.py:80

🔗

中危外部 URL 外部 URL

https://api.semanticscholar.org/graph/v1/paper/search?query=

scripts/fetch_papers.py:101

🔗

中危外部 URL 外部 URL

https://arxiv.org/abs/

scripts/fetch_papers.py:116

目录结构

5 文件 · 13.7 KB · 443 行

Python 3f · 351L Markdown 1f · 87L JSON 1f · 5L

├─ ▾ 📁 scripts

│ ├─ 🐍 build_awesome_readme.py Python 117L · 3.6 KB

│ ├─ 🐍 fetch_papers.py Python 186L · 6.0 KB

│ └─ 🐍 publish_repo.py Python 48L · 1.8 KB

├─ 📋 _meta.json JSON 5L · 138 B

└─ 📝 SKILL.md Markdown 87L · 2.2 KB

依赖分析 1 项

包名	版本	来源	已知漏洞	备注
`urllib`	`stdlib`	Python 3	否	Standard library only; no external dependencies

安全亮点

✓ All capabilities declared in SKILL.md match actual implementation

✓ No credential harvesting or exfiltration detected

✓ No obfuscation, base64 execution, or anti-analysis techniques

✓ Network requests target legitimate academic APIs (arXiv, Crossref, Semantic Scholar)

✓ Shell commands limited to documented git/gh CLI operations

✓ No sensitive file paths (~/.ssh, ~/.aws, .env) accessed

✓ No reverse shell, C2, or data theft mechanisms

✓ User-Agent header identifies tool properly (openclaw-awesome-research-tracker/1.0)