Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

AutoResearchClaw Integration

v1.0.0

Integrates AutoResearchClaw to autonomously generate conference-ready academic papers from user research topics with real citations and experimental code.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description (autonomous research → paper with code/citations) align with the instructions: the SKILL.md explicitly instructs cloning, installing, and running an AutoResearchClaw pipeline that performs literature search, experiments, and paper generation. The capabilities requested (LLM keys, web fetch, messaging) are plausible for the stated purpose.
! Instruction Scope
Runtime instructions direct the agent to git-clone a GitHub repo, create a virtualenv, pip install the project, run a 23-stage autonomous pipeline with --auto-approve, and optionally enable cron, messaging (Discord/Slack/Telegram), cross-session memory and web fetch. That scope allows executing arbitrary downloaded code, performing network traffic, scheduling recurring jobs, and persisting data — all broader than a simple 'paper-writing helper' and could exfiltrate data or run unexpected experiments if the repo is malicious or buggy.
! Install Mechanism
There is no vetted install spec in the registry; SKILL.md instructs cloning https://github.com/aiming-lab/AutoResearchClaw.git and pip installing it in editable mode. Downloading and installing unpinned code from a third-party GitHub repo is a high-risk install pattern (no pinned commit or checksum), because it writes and executes arbitrary code on the user's machine.
! Credentials
Registry metadata declares no required env vars, but the instructions require/ask for LLM API keys (OPENAI_API_KEY or ACP credentials) and optionally Semantic Scholar or messaging credentials. Requesting these keys is plausible for the tool's features, but the mismatch with declared requirements and the potential need for additional messaging/cron credentials (Discord/Slack/Telegram tokens) increases risk and attack surface. The skill also encourages enabling persistent memory and scheduled runs, which will retain and reuse credentials or outputs.
! Persistence & Privilege
The skill itself is not marked always:true, but it instructs enabling features that grant persistent presence (cron scheduled runs, cross-session memory, messaging notifications, spawning sub-sessions, writing to ~/.metaclaw/skills). Those behaviors introduce longer-term persistence and automated execution beyond a single interactive run and should be treated cautiously because they expand the blast radius if the installed code is malicious or vulnerable.
What to consider before installing
This skill will clone and install a third-party GitHub project and then run an autonomous pipeline that may execute arbitrary code, use your LLM API keys, access the web, and create scheduled jobs or persistent memory. Before installing:
(1) review the GitHub repo and pin to a known-good commit;
(2) run the install inside an isolated environment (container or disposable VM) rather than on your main host;
(3) do not hand over high-privilege or broad API keys — use least-privilege/test keys where possible;
(4) avoid enabling cron/web-fetch/messaging/use_memory until you have inspected the code and understood what data is sent externally;
(5) verify licensing, maintainer identity, and whether the project has reproducible releases and checksums;
(6) if you need assurance, ask the skill author for a homepage, maintainer contact, or an audit of the repository.
If you are not comfortable reviewing or sandboxing the code, do not install it.
