semantic-scholar-deep
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches academic paper metadata, citations, and recommendations from the official Semantic Scholar API (api.semanticscholar.org). All remote operations are directed to this legitimate service using Python's standard library.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local Python scripts (
ss_client.pyandcitation_graph.py). These scripts are used for API interaction and graph traversal, and do not contain any arbitrary command execution or shell injection vulnerabilities. - [SAFE]: No malicious patterns, obfuscation, or unauthorized data access were detected. The skill correctly manages API authentication via the
SEMANTIC_SCHOLAR_API_KEYenvironment variable, avoiding hardcoded secrets. The subagent instructions include safety-conscious practices like explicit date-anchoring to ensure research accuracy.
Audit Metadata