google-scholar

SUSPICIOUS. The skill’s paper-search behavior matches its stated purpose, but its trust model is weak: it relies on an unverifiable local CLI and authenticates by extracting live Chrome cookies via remote debugging. Those two factors together create disproportionate credential-handling and supply-chain risk for a research helper, even though the visible workflow is otherwise coherent.