Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Exa Research Papers

v1.0.0

Find academic papers, studies, and research on any topic using Exa's research paper category search. Use when the user mentions 'find papers,' 'research pape...

by Mario Karras (@mariokarras)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The SKILL.md explicitly instructs the agent to run the exa.js CLI (exa.js search / exa.js contents), which is central to the skill's functionality; however, the skill metadata declares no required binaries and provides no install specification. That inconsistency means the skill either assumes a binary will already exist (unstated requirement) or is missing an install step. Additionally, the instructions reference reading .agents/product-marketing-context.md (or .claude/...), which is outside the stated 'find papers' purpose unless marketing context is deliberately needed — this file access is not declared in required config paths.
[!] Instruction Scope
Runtime instructions direct exec of a local binary (exa.js) and instruct the agent to read product-marketing-context files if present. exec-style commands can run arbitrary code; the SKILL.md gives no guardrails, no verification of the binary's origin, and no explicit limit on what local files can be read. The instruction also permits fetching paper contents (which may require API credentials in practice) but those credentials are not declared.
[!] Install Mechanism
There is no install spec (instruction-only), which is low risk if the agent only runs safe, declared commands. Here, however, the skill depends on an external CLI (exa.js) yet provides no install instructions or trusted source for that binary. That omission raises risk: users may run an unknown exa.js obtained from an untrusted source, or the agent may fail or call an unexpected binary on PATH.
[!] Credentials
The skill declares no required environment variables or credentials, but the described workflow (searching and fetching paper contents via exa.js) commonly requires API keys or service credentials. The SKILL.md also asks the agent to read product-marketing-context files from the workspace, which might contain sensitive information. The lack of declared environment/credential requirements is disproportionate to the operations the skill performs.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not declare actions that modify other skills or system-wide settings. It appears to be user-invocable and not forcibly injected into all agent runs.
What to consider before installing
Do not enable this skill without clarifying a few things. Ask the publisher:
(1) Where does exa.js come from? Provide an install spec or canonical source (GitHub release, npm package with homepage, or packaged binary).
(2) Does exa.js require API keys or other credentials? If so, the skill should declare them in requires.env and explain scope/usage.
(3) Why does the skill read .agents/product-marketing-context.md and what sensitive data might that file contain? If you permit file reading, limit the skill's workspace access or sanitize the file first.
If you must test, run the agent in a restricted sandbox and verify the exa.js binary's source and contents before allowing exec. If the publisher cannot answer these questions or provide an install/credential spec, treat the skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.
