Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Denario (Autonomous Research Pipeline)
v1.0.0Automates scientific research by generating ideas, methodology, results, papers, and citations using the Denario framework with Z.ai integration.
⭐ 0· 1.7k·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to run the Denario research pipeline, which explains running Python scripts and installing denario. However the registry metadata lists no required env vars while SKILL.md and the scripts require OPENAI_API_KEY (for Z.ai/Zhipu) and set OPENAI_BASE_URL to a third‑party endpoint. That mismatch (declared requirements vs runtime requirements) is incoherent and could confuse users about which credential to provide.
Instruction Scope
Runtime instructions execute scripts via scripts/wrapper.sh which: create a virtualenv in the user home (~/.denario_skill_env), pip install denario and langchain-openai, set OPENAI_BASE_URL to https://open.bigmodel.cn, monkey-patch langchain_openai behavior, modify PATH for TinyTeX, and run user-facing scripts that write into ./denario_output. test_citations.py also injects a PERPLEXITY_API_KEY literal. The scripts therefore read/write home directories, change environment variables, and direct LLM traffic to an external host — behaviors beyond a simple helper and not declared in registry.
Install Mechanism
There is no formal install spec in the registry, but the wrapper script bootstraps a virtualenv and runs pip install to fetch denario and langchain-openai from PyPI at runtime. This is a common approach but means arbitrary Python packages will be installed/executed in your account when the skill runs.
Credentials
The registry claims no required environment variables, yet SKILL.md and the scripts require OPENAI_API_KEY. The scripts also unconditionally set OPENAI_BASE_URL to a third‑party endpoint (open.bigmodel.cn) — meaning a supplied OPENAI_API_KEY would be used against that host. Additionally, test_citations.py sets a hardcoded PERPLEXITY_API_KEY value inside the repo, which is unusual and suspicious (embedded credential). Requesting/using an API key is reasonable for an LLM-backed pipeline, but the incongruence and the presence of a hardcoded third‑party key are disproportionate and risky.
Persistence & Privilege
The skill does not request forced persistence (always:false) and does not alter other skills. It does create a persistent virtualenv at ~/.denario_skill_env and writes project output to ./denario_output (or per SETUP.md, ~/denario_test); this has persistent side effects on the user's home directory which users should expect and approve.
What to consider before installing
Do not install blindly. Key points to consider before running: (1) The skill expects you to set OPENAI_API_KEY but the registry didn't declare it — confirm whether you should supply an OpenAI key or a Z.ai/Zhipu key; by default the scripts set OPENAI_BASE_URL to https://open.bigmodel.cn so your key would be used with that host. If you don't want your personal API key sent to a third party, do not run this skill until the base URL is changed. (2) test_citations.py contains a hardcoded PERPLEXITY_API_KEY — remove that or ask the author why it's embedded; it may be a leaked/shared credential. (3) The wrapper will create a virtualenv in your home (~/.denario_skill_env) and pip install packages — consider running in an isolated machine or disposable account if you want to test. (4) Review the scripts locally (they are included) and adjust OPENAI_BASE_URL and any hardcoded keys before running. (5) If you want to proceed, prefer using a dedicated API key with limited quota and monitor outbound requests; otherwise reject or request the maintainer to: declare required env vars, remove embedded keys, and make the target LLM host configurable and documented.Like a lobster shell, security has layers — review code before you run it.
latestvk97dm7mnzfhg3623my6smbw2en80eyqb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.