Creating R Research Projects

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill is coherent for creating R research projects, with the main caution that it may install and run R packages/scripts in the project workspace.

Install this only if you want the agent to help create and run an R analysis workspace. Keep it scoped to a dedicated project directory, review generated R scripts before sourcing them, and approve any CRAN/Bioconductor package installation from trusted sources.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Low
What this means

Running generated or edited R scripts can create or change files and execute package code on the user's machine.

Why it was flagged

The skill documents running local R scripts and rendering reports. This is central to R analysis workflows, but it is still local code execution that should happen only in the intended project directory.

Skill content

source("scripts/01_data_preparation.R")
source("scripts/02_analysis.R")

# Generate report
quarto::quarto_render("reports/report.qmd")

Recommendation

Review generated scripts before running them, keep work inside a dedicated project folder, and avoid sourcing untrusted R files.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The project may download and run code from CRAN, Bioconductor, or related R package sources.

Why it was flagged

Installing third-party R packages is expected for this skill, but it introduces external package supply-chain risk unless versions and repositories are controlled.

Skill content

Install required CRAN/Bioconductor packages

Recommendation

Use trusted repositories, prefer renv lockfiles for reproducibility, and review package choices before installation.