Research Logger

Pass. Audited by VirusTotal on May 6, 2026.

Overview

Type: OpenClaw Skill
Name: terrycarter1985-research-logger
Version: 1.0.1

The skill contains shell injection vulnerabilities in 'research_logger.sh' due to improper sanitization of the '$TAGS' and '$TOPIC' variables. Specifically, the script processes tags using a subshell with 'xargs' and passes the resulting string unquoted to the 'grizzly' command, which could allow arbitrary command execution if a malicious topic or tag is provided. Additionally, the use of 'sed' with unescaped variables for template replacement is brittle and prone to manipulation, though it aligns with the stated research and note-taking purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Research note contents may be left in /tmp unexpectedly, where they can persist outside Bear and may be readable by other users on shared systems, depending on file permissions.

Why it was flagged

The message implies the /tmp save happens only on failure, but shell &&/|| left-associativity means the final write runs after a successful Bear create as well.

Skill content

grizzly create ... && echo "✅ Research note created in Bear!" || echo "❌ Failed ..." && echo "$NOTE_CONTENT" > "/tmp/research_${TOPIC// /_}.md"

Recommendation

Change this to an explicit if/else block so the fallback file is written only on failure, and prefer a private workspace directory for fallback saves.

What this means

If the template path is set incorrectly or maliciously, local files outside the workspace could be copied into Bear and into the /tmp fallback file.

Why it was flagged

The script accepts a user-controlled template path and reads it without normalizing or rejecting ../ traversal, even though SKILL.md describes a workspace-relative template.

Skill content

TEMPLATE_PATH="${3:-notes/research_template.md}" ... TEMPLATE=$(cat "$WORKSPACE/$TEMPLATE_PATH")

Recommendation

Only allow templates under a dedicated workspace template directory, reject absolute paths and ../ segments, and show the resolved path for user confirmation.

What this means

Running the skill will modify the user's Bear notes, and those notes may sync if Bear sync is enabled.

Why it was flagged

The skill uses the Bear CLI to create notes and tags under the user's local Bear profile; this is disclosed and central to the skill's purpose.

Skill content

echo "$NOTE_CONTENT" | grizzly create --title "$TOPIC Research" $BEAR_TAG

Recommendation

Install only if you want the agent to create Bear notes, and review the generated notes and tags after use.

What this means

Future upstream changes to grizzly could change what gets installed for the same skill version.

Why it was flagged

The install pulls the latest version of an external Go module rather than a pinned version.

Skill content

module: github.com/tylerwince/grizzly/cmd/grizzly@latest

Recommendation

Prefer a pinned module version or verify the upstream grizzly repository before installing.

What this means

If those Bear notes are later reused as agent context or research sources, web content could be mistaken for trusted instructions or verified facts.

Why it was flagged

Untrusted web content from the top search result is inserted into a persistent Bear note.

Skill content

SUMMARY=$(web_fetch "$LINK1" --max-chars 2000 ...); ... echo "$NOTE_CONTENT" | grizzly create

Recommendation

Treat generated notes as untrusted research drafts, keep source links visible, and review content before reusing it in agent workflows.