paper-navigator
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches academic paper metadata and full-text content from established research and developer platforms, including Semantic Scholar (api.semanticscholar.org), arXiv (export.arxiv.org), HuggingFace (huggingface.co), GitHub (api.github.com), and Jina Reader (r.jina.ai). These connections are necessary for the skill's functionality and target trusted domains.
- [DATA_EXFILTRATION]: The skill maintains a local repository of research materials in the
~/papers/directory. It manages a JSON-based index and stores PDFs and metadata snapshots. This behavior is transparently documented and restricted to the designated research folder, with no detected attempts to access unauthorized or sensitive system files. - [COMMAND_EXECUTION]: The skill consists of several Python scripts designed to be executed as part of research workflows. The scripts focus on API interactions and local file management; they do not use dangerous functions like
eval()orexec()on untrusted input, nor do they perform unauthorized shell command execution. - [SAFE]: The scripts utilize environment variables (
S2_API_KEY,JINA_API_KEY,GITHUB_TOKEN,HF_TOKEN) to manage API authentication. This is a secure and standard practice for handling user secrets. No evidence was found of hardcoded credentials or unauthorized exfiltration of these tokens.
Audit Metadata