Sci Data Extractor

AI-powered tool for extracting structured data from scientific literature PDFs

What to check before installing or running this skill: - Origin: The skill's Source/Homepage are unknown; prefer code from a trusted repository. If you got this from an external repo, inspect the repo and maintainer reputation. - API keys: The code will send extracted text (potentially entire PDF contents) to external LLMs/Mathpix. Only use API keys with limited scope or billing controls, and avoid uploading sensitive or private documents. - Registry mismatch: The registry lists no required env vars but the SKILL.md and code require EXTRACTOR_API_KEY (or API_KEY), EXTRACTOR_BASE_URL and optionally Mathpix keys. Do not provide secrets until you confirm how they are used and where traffic goes. - LLM/provider inconsistency: The README defaults to a Claude model name but the code uses the openai Python client and a configurable base_url. Verify that the client and base_url will actually work with your provider; otherwise keys might be misdirected or fail. - Avoid running curl | sh blindly: The installer suggests running an external script (https://astral.sh/uv/install.sh). Do not run that unless you trust the source—prefer to install uv/venv tooling via package manager or inspect the script first. - Sandbox test: Run the tool in a disposable environment (VM/container) first, with a throwaway API key and non-sensitive PDFs. Monitor network requests during a test run to confirm endpoints and data sent. - Code review focus: The key network actions are in extractor.py (requests to Mathpix and the OpenAI client usage). Confirm there are no hidden endpoints or telemetry sending keys elsewhere. If you are not comfortable, do not provide production API keys. If you want, I can point out the exact lines in the code that perform the network calls and the places where environment variables are read, or produce a minimal checklist for a safe sandboxed test run.

Type: OpenClaw Skill Name: sci-data-extractor Version: 0.1.0 The skill is classified as suspicious due to several critical vulnerabilities that could be exploited by a malicious user, rather than intentional malicious behavior by the skill author. The most significant risks include an arbitrary file write vulnerability in `extractor.py` and `batch_extract.py` where user-controlled output paths could lead to writing to sensitive system files (e.g., `/etc/passwd`, `~/.ssh/authorized_keys`). Additionally, there's a potential Server-Side Request Forgery (SSRF) via the `EXTRACTOR_BASE_URL` configuration, allowing LLM API calls to be redirected to internal network resources. Local File Inclusion (LFI) is also possible through user-controlled PDF paths in `PDFProcessor.extract_text_pymupdf`. Finally, the installation instructions in `SKILL.md` and `README.md` use `curl | sh` for `uv` installation, which introduces a supply chain risk.