scholar-sidekick-mcp

Pass

Audited by Gen Agent Trust Hub on Jul 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is to provide structured scholarly metadata and citation formatting using the scholar-sidekick-mcp server. All tools described (resolveIdentifier, formatCitation, checkRetraction, etc.) are appropriate for this functionality.
  • [SAFE]: The skill includes explicit instructions for the AI to never fabricate citations or retraction statuses. It mandates that the agent report tool unavailability or empty results rather than resorting to training data, which is a key security and reliability practice.
  • [SAFE]: The instructions regarding API keys (SCHOLAR_API_KEY) correctly guide the user to manage their own secrets via environment variables in the host environment, avoiding hardcoded credentials.
  • [SAFE]: No malicious patterns such as prompt injection, obfuscation, or unauthorized file access were detected. Network operations are directed towards well-known or vendor-specific domains (scholar-sidekick.com, rapidapi.com, github.com).
  • [SAFE]: The mention of npx scholar-sidekick-mcp is documented as an installation step for the user to perform on their own host, rather than an automated script execution by the skill itself.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 14, 2026, 06:24 PM
Security Audit — agent-trust-hub — scholar-sidekick-mcp