scholar-sidekick-cli
Pass
Audited by Gen Agent Trust Hub on Jul 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands such as
scholarandnpxto interact with the scholarly citation service. This is the primary function of the CLI-based skill. - [EXTERNAL_DOWNLOADS]: The skill downloads the
scholar-sidekick-clipackage from the npm registry usingnpxornpm. This package is the core tool provided by the vendor for this skill's functionality. - [DATA_EXFILTRATION]: The skill communicates with
https://scholar-sidekick.comto resolve identifier metadata. This network activity is documented and necessary for the tool's operation. - [CREDENTIALS_UNSAFE]: The skill appropriately suggests using environment variables such as
SCHOLAR_API_KEYorRAPIDAPI_KEYfor authentication, which follows standard security best practices for secret management.
Audit Metadata