Security audit

Rstudio Research Agent

Security checks across malware telemetry and agentic risk

Overview

The skill is a straightforward R research workflow helper, but users should understand that running analyses executes local R code (including project startup files) and writes files into the project directory.

Install this only if you want an agent to help with R-based research workflows. Before asking it to run scripts, render reports, initialize Git, or install packages, review the project's contents and give it an explicit project directory and output path, especially when the data or the repository is untrusted or sensitive.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 86%

Finding: The README tells users to invoke the skill broadly by "asking Claude to work with R," which creates an overly permissive activation pattern for a capability that can create projects, modify files, and run analysis code. In an agent setting, vague invocation guidance increases the chance the skill is used in contexts the user did not intend, including execution of repository scripts or other workspace actions without clear boundaries.

Missing User Warnings

Severity: Medium
Confidence: 91%

Finding: The README advertises creating projects and executing analyses but does not warn that these actions may modify the filesystem, initialize Git, install dependencies, or execute arbitrary R/RMarkdown/Quarto code from the workspace. In this skill context, that omission is significant because scientific project files and analysis scripts are often treated as trusted, yet they may contain unsafe code or destructive side effects.

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding: The skill explicitly describes creating directories, initializing Git, installing packages, executing analyses, and writing results, but it does not clearly warn that activating the skill can modify the filesystem and execute code. In an agent setting, missing disclosure and confirmation around these side effects increases the risk of unintended repository changes, package installation, or execution of untrusted R scripts supplied by the user or present in the workspace.

Missing User Warnings

Severity: Medium
Confidence: 84%

Finding: The statement that all outputs are saved to files implies persistent disk writes, but the skill does not warn users that analyses, figures, and reports will create artifacts on disk. While less severe than code execution itself, this can still lead to unexpected data exposure, overwriting of existing files, or cluttering of sensitive project directories when the agent operates without explicit user awareness.

Missing User Warnings

Severity: Medium
Confidence: 95%

Finding: The skill explicitly describes activating project environments, sourcing `.Rprofile`, and executing arbitrary `.R`, `.Rmd`, and `.qmd` files, but it does not warn users that these actions execute untrusted project code with the agent's privileges and can create or overwrite files. In an R/RStudio context, startup files, render hooks, package load side effects, and analysis scripts can all perform arbitrary command execution, network access, or filesystem modification, so the omission materially increases the chance of unsafe use.
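The findings above all come down to the same practical question: what will run when the agent opens this project? The following pre-flight check is an added example, not part of the audited skill or of the SkillSpector scanner. It lists the R startup hooks that execute before any analysis code (`.Rprofile`, `.Renviron`, `renv/activate.R`; the file list and the call pattern are assumptions about common R projects, not an exhaustive catalogue) and greps the project's `.R`, `.Rmd` and `.qmd` sources for calls that reach the OS, the network, or the environment. A non-zero return means there is something to read before handing the directory to an agent.

```shell
#!/bin/sh
# r_project_preflight DIR
# Added example: review an R project before letting an agent run it.
# Exit status 0 = nothing flagged, 1 = startup hooks or risky calls found.
# The hook list and the call pattern below are assumptions, not a complete
# inventory of everything R can execute at startup or on package load.

# Files R, renv and RStudio evaluate automatically, before the user's script.
R_STARTUP_FILES=".Rprofile .Renviron renv/activate.R .Rprofile.site"

# Calls that spawn processes, touch the network, read/set the environment,
# or evaluate code pulled from elsewhere. Review hits; do not auto-reject.
R_RISKY_PATTERN='system\(|system2\(|shell\(|pipe\(|download\.file\(|url\(|curl::|httr::|source\(|eval\(parse|unlink\(|file\.remove\(|Sys\.setenv\(|Sys\.getenv\('

r_project_preflight() {
    dir="$1"
    found=0

    # 1. Startup hooks run even if the agent was only asked to "render a report".
    for f in $R_STARTUP_FILES; do
        if [ -f "$dir/$f" ]; then
            echo "startup hook present: $dir/$f"
            found=1
        fi
    done

    # 2. Analysis sources and the hooks themselves: flag risky calls with
    #    file name and line number so a reviewer can open them directly.
    hits=$(find "$dir" -type f \( -name '*.R' -o -name '*.r' -o -name '*.Rmd' \
            -o -name '*.qmd' -o -name '.Rprofile' -o -name 'activate.R' \) \
            -exec grep -nHE "$R_RISKY_PATTERN" {} + 2>/dev/null || true)
    if [ -n "$hits" ]; then
        echo "risky calls:"
        echo "$hits"
        found=1
    fi

    return $found
}

# Usage: r_project_preflight /path/to/project || echo "review before running"
```

When the hooks are not needed for the task, running the script with `Rscript --vanilla` skips `.Rprofile` and `.Renviron` entirely; when they are needed (renv projects), read `renv/activate.R` and the `.Rprofile` that sources it before running anything.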

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.