Research Library
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Files you add may have their contents and metadata stored, searched, backed up, and reused in later research tasks.
The skill intentionally creates a persistent local index of document contents and metadata, which is expected for a research library but can include sensitive or stale material that later influences searches or agent workflows.
- **Store documents** — Code, PDFs, CAD files, images, schematics - **Extract automatically** — Text from PDFs, EXIF from images, functions from code
Only add intended files or folders, use project scoping and confidence/material labels carefully, and avoid indexing sensitive directories unless you are comfortable storing that content locally.
You may need to trust local package code and Python dependencies without a clearly declared upstream source or installer specification.
The artifacts include a runnable Python package and installation instructions, but the registry-level source and install mechanism are not fully declared, leaving users to verify provenance themselves.
Source: unknown Homepage: none Install specifications: No install spec — this is an instruction-only skill.
Install only from a trusted copy, review the package source if possible, and prefer pinned or reviewed dependencies in sensitive environments.
A forced restore or archive operation could hide or replace research library data if run unintentionally.
The CLI includes local data mutation commands such as restore and archive, including force options. They are documented and purpose-aligned, but mistakes could change or replace the local library state.
`reslib restore <date>` ... `-f, --force` — Restore without confirmation
Use listing and normal confirmation flows before restore/archive operations, and reserve force flags for cases where you have verified the target backup or document ID.