Research

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: parallel-ai-research
Version: 1.1.0

The skill is classified as suspicious due to a significant shell injection vulnerability. Instructions in `SKILL.md` and `OPENCLAW.md` direct the OpenClaw agent to execute external CLI tools like `parallel-research` and `export-pdf` with arguments derived from user input (e.g., 'research question', 'topic-slug', 'run_id'). Without robust input sanitization by the agent or platform, these commands are susceptible to arbitrary command execution. Additionally, `SETUP.md` instructs users to install a dependency via `curl | sh`, which carries a supply chain risk, though this is a setup instruction for the user, not a runtime action by the agent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user could end up trusting and running a command that was not included in the reviewed package, potentially with access to their research files and Parallel AI API key.

Why it was flagged

The setup asks users to place a helper executable from the skill's scripts/ directory on PATH, but the supplied artifact manifest contains only OPENCLAW.md, SETUP.md, and SKILL.md, so the executable is missing from review.

Skill content

ln -sf ~/.openclaw/skills/research/scripts/parallel-research ~/.local/bin/parallel-research

Recommendation

Do not run or symlink the helper CLIs until the actual scripts are present, reviewed, and obtained from a trusted source or pinned release.

What this means

Following the setup will execute code downloaded from the internet on the user's machine.

Why it was flagged

This is a user-directed dependency install step that executes a remote installer. It is related to the PDF export workflow, but it still requires trusting the remote install source.

Skill content

curl -LsSf https://astral.sh/uv/install.sh | sh

Recommendation

Install uv from a trusted package manager or verify the installer source before running it.

What this means

The deep-research CLI can use the user's Parallel AI account and may incur usage or expose submitted research prompts to that provider.

Why it was flagged

The skill instructs users to store and export a Parallel AI API key for deep research. This is expected for the provider integration, but it is sensitive account access and is not declared in the registry metadata.

Skill content

echo "PARALLEL_API_KEY=your_key_here" > ~/.secrets/parallel_ai/.env

Recommendation

Use a scoped/revocable API key if available, protect the secrets file, monitor provider usage, and revoke the key if the helper CLI source cannot be verified.

Note (High Confidence)
ASI10: Rogue Agents

What this means

The agent may act later without another immediate user message, posting results back to the configured channel.

Why it was flagged

The integration can schedule future agent turns to poll async research results and optionally reschedule itself while the task is still running. It is disclosed and scoped to the research task, with deleteAfterRun enabled.

Skill content

"message": "Check research task <run_id>. Run: parallel-research result <run_id>. If complete, summarize key findings. If still running, reschedule another check in 10 min.",

Recommendation

Only enable the cron auto-check when you want background polling, confirm the destination channel, and remove the cron job if the research is no longer needed.

What this means

Sensitive research topics, prompts, and findings may remain on disk and be reused or read later.

Why it was flagged

The skill deliberately turns research prompts and findings into persistent markdown documents under the OpenClaw workspace. This is central to the skill's purpose but means research content is retained outside the chat.

Skill content

The conversation is ephemeral; the document is what matters.

Recommendation

Avoid putting secrets or private data into research prompts, and periodically review or delete old research folders.