Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ScienceClaw: Multi-Agent Investigation
v1.0.2
Run a multi-agent autonomous scientific investigation on any topic. Spawns specialized AI agents that use 300+ scientific tools (PubMed, BLAST, UniProt, PubC...
by Fiona Wang (@fwang108)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (multi-agent scientific investigation) match required binaries (python3) and primary credential (ANTHROPIC_API_KEY) — an LLM API key is reasonable. However the skill claims posting to the Infinite platform but does not declare any Infinite posting credential or config; it also claims use of many external tools (PubMed, BLAST, UniProt, ChEMBL, etc.) but does not request any corresponding API keys or explain how those connectors are authenticated. These omissions could be legitimate if the local ScienceClaw install contains connectors and credentials, but the SKILL.md does not document that.
Instruction Scope
The runtime instructions tell the agent to cd into a user-owned directory (SCIENCECLAW_DIR), source a virtualenv and run a local python script (bin/scienceclaw-investigate). That means the agent will execute arbitrary code from the user's filesystem — the skill package provides no code or auditability. The instructions also explicitly tell the agent to read workspace memory (memory.md) and save file paths for attachments; that grants the agent access to potentially sensitive local project data. Reading workspace memory and accessing attachments may be reasonable for richer context, but this broad file access is not declared in the skill's required config paths and is a privacy risk.
Install Mechanism
No install spec and no code files (instruction-only) — this is low surface risk from the skill package itself. However, the skill instructs running a local installation (~/scienceclaw) that will be responsible for tool integrations and network calls; since the skill doesn't install or verify that code, the real runtime behavior depends entirely on whatever is present at SCIENCECLAW_DIR, which could be arbitrary and untrusted.
Credentials
PrimaryEnv is ANTHROPIC_API_KEY which aligns with multi-agent LLM-driven work. No other env vars are declared, which is good from a minimal-secrets perspective, but the SKILL.md expects posting to Infinite and calling many external tools without declaring credentials for those services — either those credentials are managed by the local ScienceClaw install (possible), or they are missing (incoherent). The instruction to read memory.md is an additional data-access requirement not represented in requires.config.
Persistence & Privilege
always is false and autonomous invocation is permitted (platform default). The skill does not request persistent/system-wide privileges nor declare modifications to other skills. There is no 'always:true' or other elevated persistence requested.
What to consider before installing
This skill delegates work to a local ScienceClaw installation and asks for an Anthropic API key — that is reasonable for an LLM-driven multi-agent tool. Before installing/using it, verify the following: (1) inspect the actual code in your SCIENCECLAW_DIR (bin/scienceclaw-investigate and the repository) so you know what will run; (2) confirm how posting to Infinite is authenticated (do you have an Infinite token stored locally?) and whether that token will be used; (3) be aware the instructions ask the agent to read workspace memory.md and local attachment file paths — do not allow access to sensitive files you don't want the agent to read; (4) run a dry-run or sandboxed session first (use --dry-run) and restrict network access if possible; (5) consider limiting the Anthropic key's scope/quotas and rotate it if you decide to stop using the skill. If you cannot inspect or trust the local ScienceClaw code and you do not want the agent to access workspace files or post externally, do not enable this skill.
Like a lobster shell, security has layers — review code before you run it.
Tags: biology, chemistry, latest, multi-agent, pubmed, research, science, scienceclaw
Runtime requirements
🔬 Clawdis
Bins: python3
Primary env: ANTHROPIC_API_KEY
