Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ScienceClaw: Query (Dry Run)

v1.0.2

Run a scientific investigation on any topic and return findings directly to chat — without posting to Infinite. Use this for quick research, previews, or whe...

by Fiona Wang (@fwang108)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (dry-run scientific investigation) align with the instructions to run a local scienceclaw-post script under SCIENCECLAW_DIR using python3. Requesting ANTHROPIC_API_KEY as the primary credential is plausible if the script uses Anthropic LLMs. However, the skill executes a local binary (bin/scienceclaw-post) and may rely on repository-specific tooling and optional env vars (COMMUNITY, SKILLS, AGENT, SCIENCECLAW_DIR). That runtime dependency on local code/repo is expected for this purpose but worth noting.
Instruction Scope
SKILL.md instructs the agent to cd into a local path (SCIENCECLAW_DIR), optionally source a .venv, and run a local script (bin/scienceclaw-post) with --dry-run. It also tells the agent to read workspace memory.md to prepend project context. These steps cause the agent to execute arbitrary local code and read local files not declared in the manifest; they could access or transmit any data the script is written to handle. The instructions do not constrain or verify what bin/scienceclaw-post will do, so the agent may perform broad file I/O or network calls.
Install Mechanism
No install spec and no code files in the skill package (instruction-only). That minimizes supply-chain risk from the skill bundle itself. The runtime executes local repository code (scienceclaw-post), but the skill does not download or install external artifacts.
Credentials
Only declared credential is ANTHROPIC_API_KEY which is reasonable for a skill that likely calls Anthropic LLMs. The SKILL.md also references environment variables (SCIENCECLAW_DIR, COMMUNITY, SKILLS, AGENT) and optionally reads memory.md; those are not listed in requires.env or config paths. The manifest therefore under-declares workspace/file access and env usage. There are no unrelated credentials requested.
Persistence & Privilege
always is false and agent invocation is normal. The skill does not request permanent presence nor modify other skills or agent-wide configs according to the manifest. Autonomous invocation is allowed (default) but not combined with other high-risk indicators here.
What to consider before installing
This skill runs a local script (SCIENCECLAW_DIR/bin/scienceclaw-post) and may source a .venv and read workspace memory.md before returning results. Before installing or enabling it:

  1) Inspect the repository and the bin/scienceclaw-post script to see what files and endpoints it accesses and whether it performs network calls or uploads data.
  2) Check memory.md contents for any secrets or private information you don't want read or included in results.
  3) Confirm you trust the Anthropic API key use; if possible, use a scoped or expendable key.
  4) If you don't want the agent to execute arbitrary local code, do not enable autonomous invocation, or run the skill in a sandboxed environment.
  5) Consider asking the skill author to declare the expected config paths and optional environment variables explicitly in the manifest (SCIENCECLAW_DIR, COMMUNITY, SKILLS, AGENT) so the scope is transparent.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧪 Clawdis
Bins: python3
Primary env: ANTHROPIC_API_KEY
Tags: biology, chemistry, latest, multi-agent, pubmed, research, science, scienceclaw
224 downloads
0 stars
3 versions
Updated 3h ago
v1.0.2
MIT-0

ScienceClaw: Query (Dry-Run Investigation)

Run a full ScienceClaw investigation and return the findings to the conversation — no post created on Infinite.

When to use

Use this skill when the user:

  • Asks a scientific question but does not want results posted
  • Says "just show me", "don't post", "preview", "what would you find about…"
  • Wants a quick research summary without committing to a full Infinite post
  • Is exploring a topic before deciding whether to investigate further

How to run

SCIENCECLAW_DIR="${SCIENCECLAW_DIR:-$HOME/scienceclaw}"
cd "$SCIENCECLAW_DIR"

# Activate venv if present
[ -f ".venv/bin/activate" ] && source .venv/bin/activate

python3 "$SCIENCECLAW_DIR/bin/scienceclaw-post" \
  --topic "<TOPIC>" \
  --dry-run \
  ${COMMUNITY:+--community "$COMMUNITY"} \
  ${SKILLS:+--skills "$SKILLS"} \
  ${AGENT:+--agent "$AGENT"}

Parameters

  • <TOPIC> — research topic (required). Use the user's exact phrasing.
  • --dry-run — always include this. Prevents posting to Infinite.
  • --community — topic domain (optional, auto-selected if omitted):
    • biology — proteins, genes, organisms, disease mechanisms
    • chemistry — compounds, reactions, synthesis, ADMET
    • materials — materials science, crystal structures
    • scienceclaw — cross-domain or general
  • --skills — comma-separated list of specific skills to use (optional, overrides agent profile). Example: pubmed,uniprot,rdkit
  • --agent — agent name (optional, defaults to profile name or ScienceClaw)
  • --max-results — number of literature results to pull (default: 3)

Example invocations

# Quick biology query
cd ~/scienceclaw && python3 bin/scienceclaw-post --topic "tau protein aggregation in Alzheimer's" --dry-run

# Chemistry query with forced skills
cd ~/scienceclaw && python3 bin/scienceclaw-post --topic "ibrutinib ADMET profile" --community chemistry --skills pubchem,rdkit,tdc --dry-run

# Cross-domain preview
cd ~/scienceclaw && python3 bin/scienceclaw-post --topic "CRISPR off-target effects in somatic cells" --dry-run --max-results 5

Workspace context injection

Before running, check if the user's workspace memory contains project context:

  • Read memory.md in the workspace for stored research focus, organism, compound, or disease
  • If found, prepend that context to the topic string: e.g. "tau aggregation [project context: studying frontotemporal dementia, human iPSC model]"
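
One way to guard this step, as an added example that is not part of the skill or of ScienceClaw's code: drop secret-looking lines from memory.md before the context is attached to the topic, and pass the result as a single argv element rather than through a shell string. The function names, the patterns, the length cap and the sample memory.md are assumptions made for illustration.

```python
import re

# Illustrative patterns (assumptions), not an exhaustive secret detector.
SECRET_PATTERNS = [
    re.compile(r"sk-ant-[A-Za-z0-9_-]{8,}"),  # Anthropic-style key prefix
    re.compile(r"(?i)(api[_-]?key|token|secret|password)\s*[:=]"),
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
]
MAX_CONTEXT_CHARS = 200  # hypothetical cap on injected context

# Constructed sample memory.md; the key below is fake.
SAMPLE_MEMORY = """# Research focus
- studying frontotemporal dementia
- human iPSC model
ANTHROPIC_API_KEY=sk-ant-CONSTRUCTED-EXAMPLE-0000
"""

def filter_context(memory_text):
    """Return (kept_lines, dropped_count); secret-looking lines are dropped."""
    kept, dropped = [], 0
    for raw in memory_text.splitlines():
        line = raw.strip().lstrip("-* ").strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and markdown headings
        if any(p.search(line) for p in SECRET_PATTERNS):
            dropped += 1
            continue
        kept.append(re.sub(r"[\x00-\x1f\x7f]", " ", line))
    return kept, dropped

def build_topic(topic, memory_text):
    """Attach filtered memory.md context in the format SKILL.md shows."""
    kept, dropped = filter_context(memory_text)
    context = ", ".join(kept)[:MAX_CONTEXT_CHARS]
    if not context:
        return topic, dropped
    return f"{topic} [project context: {context}]", dropped

def build_argv(topic, memory_text):
    """Build an argv list (no shell), so file text stays inside one argument."""
    full_topic, _ = build_topic(topic, memory_text)
    return ["python3", "bin/scienceclaw-post", "--topic", full_topic, "--dry-run"]

if __name__ == "__main__":
    print(build_topic("tau aggregation", SAMPLE_MEMORY))
```

A non-zero dropped count is worth surfacing to the user, since it means memory.md holds material that should not be stored there.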

After running

Report back to the user:

  • A summary of key findings (list top 3–5)
  • Which tools/skills were used
  • How many literature sources were pulled
  • Offer follow-up options:
    • "Want me to post this to Infinite?" → use scienceclaw-post skill
    • "Want a deeper multi-agent investigation?" → use scienceclaw-investigate skill
    • "Want to investigate a local file instead?" → use scienceclaw-local-files skill
