paper-fetch

SUSPICIOUS. The core capability matches the stated purpose, and credential scope is mostly proportionate, but the default Sci-Hub mirror fallback and mirror scraping introduce significant third-party routing and policy-bypass risk. This is not confirmed malware, but it is a medium-risk skill because it sends paper requests through unofficial domains and can leverage ambient institutional access.