ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Meta Research

v2.5.0

Autonomous research workflow agent for AI and scientific research. Use when the user wants to brainstorm research ideas, conduct a literature review, design...

0· 469·1 current·1 all-time
byJiachen LIU@amberljc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (autonomous research copilot) matches what the skill asks for: structured phase protocols, writing files, literature search, and reproducible experiment management. There are no unrelated required environment variables, binaries, or install steps that would be inconsistent with the described purpose.
Instruction Scope
SKILL.md instructs the agent to read and write project files (LOGBOX, explorations/*, shared/*), create directories, run literature searches (arXiv, Semantic Scholar, Google Scholar), and manage reproducibility artifacts. Those actions are appropriate for a research workflow. It does not instruct reading arbitrary system files or requiring unrelated secrets, but it does assume the agent can perform file I/O, shell commands (Bash) and web requests — capabilities that can perform broader actions if granted. The instructions are specific (phase protocols, artifact locations) rather than open-ended data collection.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute on install. That is the lowest-risk install model and proportionate to the stated functionality.
Credentials
No environment variables, credentials, or config paths are declared or required. The workflow mentions interacting with services (GitHub, arXiv, Zenodo) as part of dissemination, but the skill does not request tokens or secrets in its metadata. If the agent later asks for upload credentials at runtime, those are not declared here and should be provided explicitly by the user only when needed.
Persistence & Privilege
always:false and the skill does not request system-wide persistence. The skill is allowed to run autonomously by default (platform default), and it lists powerful allowed-tools (Bash, WebFetch, WebSearch, file Read/Write/Edit). That is coherent for an autonomous research helper but increases the blast radius if you enable autonomous execution — consider restricting autonomous runs or reviewing prompts before allowing shell/network actions.
Assessment
This skill is internally consistent with its stated purpose and appears to be a well-documented research workflow. Before installing or enabling autonomous runs: (1) Be aware the agent will create and modify files in your project (LOGBOX, explorations/, shared/). Back up any important data first. (2) The skill can run shell commands and make web requests — avoid granting persistent credentials or broad network access unless you trust the skill and monitor actions. (3) If you plan to publish or push code/data, prepare and control any GitHub/Zenodo/API credentials separately and provide them only when needed. (4) Consider running the skill in a sandboxed project folder or ephemeral environment until you confirm its behavior. If you want deeper assurance, request the author/source/repository before installing so you can audit exact file changes and any optional scripts.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f96z1agas0jaj8yg3d487yh82829y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments