ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ScienceClaw: Watch (Live Collaboration)

v1.0.2

Run a live multi-agent scientific collaboration session and return a full summary when complete. Multiple specialised agents work in parallel, challenge each...

0· 120·0 current·0 all-time
byFiona Wang@fwang108
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the declared requirements: python3 and an Anthropic API key are plausible for running multi-agent LLM-driven sessions. No unrelated credentials or binaries are requested.
Instruction Scope
Instructions require changing into a SCIENCECLAW_DIR, optionally activating a .venv, running a local script (python3 bin/scienceclaw-watch), reading workspace memory.md for context, and reading/writing a timestamped output directory. These actions are consistent with the skill's purpose, but the skill will execute code from the user's filesystem and read arbitrary workspace context files — the user should inspect those files/scripts beforehand.
Install Mechanism
No install spec (instruction-only). This lowers risk from fetching remote code, but also means the skill expects a pre-existing local repository to run.
Credentials
Only the ANTHROPIC_API_KEY is declared as the primary credential, which is appropriate for an LLM-driven multi-agent tool. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and does not request persistent or system-level privileges. It reads and writes files in a local run_exports path only.
Assessment
This skill runs a local Python script from a directory you must already have (SCIENCECLAW_DIR, defaulting to $HOME/scienceclaw), and it will read workspace memory.md and run bin/scienceclaw-watch — which executes code on your machine. Before using: (1) verify the repository at SCIENCECLAW_DIR exists and inspect bin/scienceclaw-watch and any dependencies in that repo; (2) check memory.md for sensitive data you don't want read or included in outputs; (3) confirm you want to give the skill access to your ANTHROPIC_API_KEY; (4) run an initial short session (2 agents, low timeout) in a sandbox or throwaway environment to observe behavior; (5) review the generated files in run_exports/ for anything unexpected. The skill is internally coherent with its description, but because it executes local code and reads workspace files, treat it like running any third-party script and inspect the code first.

Like a lobster shell, security has layers — review code before you run it.

biologyvk974nzee97jb0e5ggbc2byd3t5834c4jchemistryvk974nzee97jb0e5ggbc2byd3t5834c4jlatestvk974nzee97jb0e5ggbc2byd3t5834c4jmulti-agentvk974nzee97jb0e5ggbc2byd3t5834c4jpubmedvk974nzee97jb0e5ggbc2byd3t5834c4jresearchvk974nzee97jb0e5ggbc2byd3t5834c4jsciencevk974nzee97jb0e5ggbc2byd3t5834c4jscienceclawvk974nzee97jb0e5ggbc2byd3t5834c4j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

👁️ Clawdis
Binspython3
Primary envANTHROPIC_API_KEY

Comments