NeuriCo
Security checks across malware telemetry and agentic risk
Overview
NeuriCo is not obviously malicious, but it asks for broad account access and can automatically run generated experiments and push results to GitHub.
Install only if you are comfortable running an external autonomous research framework. Start in Docker, pin and inspect the external code/image where possible, use --no-github or --private until you review outputs, use least-privilege/temporary credentials, revoke tokens after use, and avoid confidential datasets or ideas unless provider privacy terms are acceptable.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A single invocation could consume compute, create GitHub resources, and publish generated code/results before the user has reviewed them.
The documented fastest path chains external content fetching, autonomous experiment execution, repository creation, paper generation, and output pushing; the artifacts do not describe an intermediate approval gate before those actions.
./neurico fetch <ideahub_url> --submit --run --provider claude ... creates a GitHub repo, runs experiments, writes a paper, and pushes everything.
For first runs, use Docker plus --no-github or --private, inspect generated code and results, and push manually only after review.
If the external tool or generated workflow misbehaves, a broad token could affect more of the user's GitHub account than the single intended research repo.
A classic repo-scope token is broad delegated GitHub authority. Combined with automatic repository creation and pushes, this is high-impact account access that needs tight containment.
GitHub token (classic, `repo` scope): auto-creates repos and pushes results.
Use the least-privilege token available, prefer a throwaway account or isolated organization, revoke the token after use, and use --no-github unless automatic publishing is necessary.
Users may run code or container images that have changed since the skill was published.
Installation depends on external repository code and an unpinned Docker image tag. This is central to the stated purpose and is disclosed, but it means the reviewed skill package does not contain the executable implementation.
git clone https://github.com/ChicagoHAI/neurico && cd neurico && ./neurico setup ... docker pull ghcr.io/chicagohai/neurico:latest
Verify the repository, inspect the setup script, and pin a reviewed commit and Docker image digest where possible.
Generated or downloaded research code could run locally or in a container and may consume resources or interact with files available to that environment.
Executing generated experiment code is an expected part of the research framework. The Docker path provides some containment, but native execution is also documented.
full research lifecycle: literature review, experiment design, code execution, analysis, paper writing, GitHub push
Prefer the Docker workflow, avoid mounting sensitive directories, review generated code before native execution, and set compute/budget limits.
Research ideas, datasets, code, prompts, or experiment outputs may be processed by third-party services.
The framework uses external AI coding providers and optional service APIs. That is purpose-aligned, but the artifacts do not fully detail what research inputs, code, logs, or results are sent to each provider.
Providers: Claude Code, Codex, Gemini (OAuth login, not API keys)
Do not use confidential data unless the provider terms and project configuration are acceptable; check each provider's data retention and privacy settings.
