Rstudio Research Agent

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill matches its stated R research workflow purpose, but it can run local R code and install R packages when used.

This appears safe to install as an instruction-only R workflow helper. Before use, remember that running R scripts, RMarkdown, Quarto, or .Rprofile files executes local code, so use it with trusted projects and review any package installation commands.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running an untrusted R project could read or change local files, install software, or perform other actions allowed to the current user.

Why it was flagged

The skill is explicitly designed to execute local R project code and load project startup configuration. This is expected for the stated purpose, but R scripts and .Rprofile files can execute arbitrary code with the user's local permissions.

Skill content

Run specified R script ... Source `.Rprofile` if available ... `source("scripts/01_analysis.R")`

Recommendation

Use this skill only with trusted R projects, inspect .Rprofile and RMarkdown/Quarto code chunks before execution, and confirm before running unfamiliar scripts.

What this means

Installing unknown or unpinned packages can bring untrusted code or unexpected dependency changes into an R environment.

Why it was flagged

The skill may generate commands to install third-party R packages from CRAN, Bioconductor, or GitHub. This is normal for R dependency management, but package installation introduces external code into the user's environment.

Skill content

`install.packages("package_name")` ... `BiocManager::install("package_name")` ... `remotes::install_github("username/package")`

Recommendation

Review package names and sources before installation, prefer trusted repositories, and use renv.lock or other pinning practices for reproducibility.

What this means

Future R sessions in the project may automatically run startup code from .Rprofile.

Why it was flagged

The skill may create a project-level R startup file that persists after the initial task and runs when the project starts. The stated use is limited to renv activation and is disclosed.

Skill content

Generate `.Rprofile` for automatic renv activation

Recommendation

Review the generated .Rprofile and keep it limited to expected project setup such as renv activation.