ClawHub

Academic Results Writer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent academic writing skill, with the main caution that long outputs may be saved to a Desktop folder automatically.

Install only if you are comfortable with long Results drafts being saved locally to the documented Desktop folder. For confidential manuscripts, unpublished data, or sensitive research, tell the agent to stay chat-only or ask before writing files, and review generated Results for statistical accuracy and plagiarism boundaries before use.

Publisher note

Academic Results writing skill for psychology and behavioral science. Generates, revises, and audits Results sections from user's own statistical outputs. Supports Chinese (default) and English. Includes Target-paper style adaptation and Module H bridge integration with paper-results-reverse-engineer. No real data, no plagiarism risk — only writes from user-provided statistics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly states that long outputs may automatically switch to a file-output mode and write to `~/Desktop/OpenClaw_Paper_Analysis/outputs_md/results_writer/`, but it does not require explicit user consent or warn about local file creation. This can cause unintended persistence of potentially sensitive research data, manuscript drafts, or unpublished results on disk, which is a security and privacy risk in academic workflows.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The example explicitly instructs the skill to write output to a local Markdown file path, but provides no user-consent step, overwrite protection, or warning that the agent will modify the filesystem. In an agent setting, implicit file writes can cause unintended local changes, overwrite existing work, or expand the blast radius if similar patterns are reused with attacker-influenced filenames or destinations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal