scholar-sidekick-cli

Pass

Audited by Gen Agent Trust Hub on Jul 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands such as scholar and npx to interact with the scholarly citation service. This is the primary function of the CLI-based skill.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the scholar-sidekick-cli package from the npm registry using npx or npm. This package is the core tool provided by the vendor for this skill's functionality.
  • [DATA_EXFILTRATION]: The skill communicates with https://scholar-sidekick.com to resolve identifier metadata. This network activity is documented and necessary for the tool's operation.
  • [CREDENTIALS_UNSAFE]: The skill appropriately suggests using environment variables such as SCHOLAR_API_KEY or RAPIDAPI_KEY for authentication, which follows standard security best practices for secret management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 14, 2026, 06:24 PM
Security Audit — agent-trust-hub — scholar-sidekick-cli