semantic-scholar-library-feed
Audited by Socket on Mar 9, 2026
1 alert found:
Obfuscated File

The skill target and capabilities are broadly aligned: it aims to manage a Semantic Scholar authenticated session to read and modify private library data and feeds via a CLI. The main security concerns arise from handling user cookies/cookie headers and persisting outputs locally. There is a reasonable surface area for credential exposure and data leakage if local files are not properly secured or if cookie imports are mishandled. The workflow relies on user-supplied, browser-copied curl headers, which is a known risk surface but is a justifiable trade-off for avoiding browser-based login flows in a CLI tool. Overall, the footprint is coherent with the stated purpose but deserves attention to credential handling practices, secure defaults (permissions, ephemeral /tmp storage, clear logging), and explicit consent prompts for private data access.