ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

A research is searching around something.

v1.3.0

6-step structured research skill. Searches arXiv, reads 5 papers via markitdown, has Claude select the best 2, runs 4 targeted web searches (explanation, Git...

0· 73·0 current·0 all-time
byJay@goog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to run a 6-step research pipeline (arXiv + web + LLM). Requiring SERPER_API_KEY (web search) makes sense. Requiring OPENROUTER_API_KEY could be reasonable if it uses OpenRouter as the LLM proxy, but the shipped code explicitly interacts with Anthropic/Claude endpoints (GET /v1/models, x-api-key headers, CLI flag --anthropic-key). The declared env list omits ANTHROPIC_API_KEY while the code expects an Anthropic key — this mismatch is incoherent and should be clarified. The web_fetcher module supports proxy pools and browser-fingerprinting libraries (curl_cffi, fake-useragent), which are stronger capabilities than a minimal research tool needs.
!
Instruction Scope
Runtime instructions (SKILL.md) match the stated pipeline (download PDFs, convert via markitdown, perform Serper searches, call an LLM to select and synthesize). However: (1) the SKILL.md and code reference Claude/Anthropic behavior but declared env vars don't include ANTHROPIC_API_KEY; (2) the tool fetches full web pages and sends them to remote LLM/search APIs — expected for this skill but important to note because fetched page contents (including private or paywalled snippets if URLs are provided) will be transmitted externally; (3) SKILL.md instructs installing packages and copying the script into /usr/local/bin, which writes to system locations rather than remaining instruction-only.
Install Mechanism
There is no formal registry install spec (instruction-only). SKILL.md contains explicit 'pip install ...' commands and 'cp scripts/owl.py /usr/local/bin' — these are manual steps that modify the system environment. The Python dependencies include markitdown, curl_cffi, BeautifulSoup, lxml and fake-useragent. Nothing is downloaded from obscure URLs, but the suggested installs create executable system-level tooling (potentially persistent) and install libraries used for stealthy scraping.
!
Credentials
Registry requires OPENROUTER_API_KEY and SERPER_API_KEY which is plausible (LLM proxy + web search). The code, CLI flags, and SKILL.md also reference ANTHROPIC_API_KEY / Claude and provide a --anthropic-key flag; yet ANTHROPIC_API_KEY is not declared as required. That mismatch is the primary disproportion — you may need to supply additional LLM credentials not listed. No other unrelated secrets are requested, but the omission reduces transparency.
Persistence & Privilege
The skill is not force-included (always: false) and allows normal autonomous invocation. It does not request to change other skills' configs. The SKILL.md does tell users to copy the script to /usr/local/bin (system-wide executable) which creates persistence on the host if followed, but this is a manual instruction rather than an automatic install step from the registry.
What to consider before installing
This skill largely does what it says (download papers, convert, web-search, synthesize) but has a few red flags you should resolve before installing: - Confirm which LLM provider it will use: the code calls Anthropic/Claude endpoints and has a --anthropic-key flag, but the registry only lists OPENROUTER_API_KEY. Ask the author which key the tool needs and whether OpenRouter or Anthropic will be used. Do not provide unrelated credentials. - Review the code paths that send extracted PDF/text/web content to remote APIs (OpenRouter / Anthropic / Serper). If you plan to run on sensitive topics or internal URLs, be aware those contents will be transmitted externally. - The included web_fetcher supports proxy pools, stealth headers, and curl_cffi fingerprinting — useful for scraping but able to bypass rate-limits/blocks. If that worries you, run the tool in a sandbox, restrict networking, or remove/disable proxy features. - The SKILL.md tells you to pip-install packages and copy the script into /usr/local/bin. Prefer running inside a virtualenv or container instead of installing system-wide, and inspect the scripts' source before making them executable. If you cannot get clarification from the publisher, treat this skill as untrusted: run it in an isolated environment, avoid supplying extra credentials until clarified, and consider adding the missing ANTHROPIC_API_KEY to the declared metadata only after confirming its legitimate need.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dq7pxrfpwy24h63pqawxapn84wp08

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython
EnvOPENROUTER_API_KEY, SERPER_API_KEY

Comments