academic-research-hub

The skill's stated purpose (searching academic databases, downloading PDFs, extracting citations) aligns with the documented capabilities. There are no explicit malicious code snippets in the provided documentation. However, supply-chain concerns arise from the mandatory external binary (OpenClawCLI at clawhub.ai) and implied Google Scholar scraping. Those introduce moderate risk: a third-party CLI can perform remote network operations or harvest credentials, and scraping flows may process untrusted content. Overall this appears functionally coherent and likely benign in intent, but the transitive trust in an external, non-standard CLI and the download/scraping patterns justify a medium security risk and careful vetting of any external binaries before use.