Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Adaptive Depth Research v6.0 Universal

v6.0.1

Perform adaptive multi-source research with configurable domains, auto PDF retrieval, universal extraction, and generate layered reports for decision, valida...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description promise (multi-source retrieval, PDF download, universal extraction, layered reports) matches the provided scripts and templates: arXiv/PubMed/PMC retrieval, PDF download + parsing, card/report generation and synthesis. No unrelated cloud credentials or services are requested.
Instruction Scope (flagged)
SKILL.md and the scripts instruct the agent to fetch external resources (arXiv, PubMed, PMC, arbitrary web URLs) and download PDFs. That matches the stated purpose, but the instructions and scripts will perform arbitrary HTTP requests and write intermediate files (e.g., /tmp/{card}_extracted.json and newly created research directories). The scripts assume the agent can make outbound network connections and write files; they also run Python code that follows URLs taken from topic/search results or user arguments, so if an attacker supplies or influences the input URLs, the skill could fetch arbitrary endpoints (risk of SSRF or of fetching sensitive internal endpoints). SKILL.md does not explicitly warn about these network and file effects.
Install Mechanism (flagged)
This is instruction-only (no install spec), so nothing will be automatically downloaded at install time. However, the code requires Python 3 and third-party libraries (requests, and either pdfplumber or pdftotext) that are not declared in the skill metadata or SKILL.md. Users must manually ensure the dependencies are installed; the omission increases the risk of a user running the scripts with missing or incorrect libraries, or installing arbitrary packages to satisfy them.
Credentials
The skill declares no required environment variables or credentials (appropriate). It nevertheless performs network calls to public APIs and writes files to disk (/tmp and skill workspace). No secrets are requested. This is proportionate to the stated purpose, but note: NCBI/Entrez requests may benefit from API keys for high-volume usage; the skill does not request or document an API key or rate-limiting behavior. Also, a hardcoded invocation in run-research.sh references /root/.openclaw/workspace/skills/deep-research/scripts/check-sourcing.sh (absolute root path), which is atypical and may fail or indicate an assumption about runtime layout.
Persistence & Privilege
always:false and default autonomous invocation settings — normal. The skill does not request permanent platform-wide privileges or attempt to modify other skills. It writes outputs under created research directories and temporary /tmp files only; no evidence of modifying other skill configs or system-wide settings.
What to consider before installing
What to consider before installing/using:

- Function vs requirements: The skill does what it says (download/search papers, parse PDFs, build reports). However, the package metadata does NOT list the required runtime dependencies (python3, requests, and either pdfplumber or pdftotext). Install these from known sources before running.
- Network and file I/O: Scripts make outbound HTTP(S) calls to arXiv, NCBI/PMC, PubMed eutils and any arbitrary URLs you pass. They download PDFs and write to /tmp and a research/ workspace. Only run in an environment where outbound network requests and temporary file writes are acceptable (use a sandbox or isolated VM for initial testing).
- Input-driven fetching (SSRF risk): Because URLs and search terms may lead the tool to fetch arbitrary endpoints, do not run untrusted topics/URLs. If an attacker can control inputs, the tool could be induced to access internal services or fetch malicious content. Validate inputs and run in a network-restricted environment if you need to limit that risk.
- Missing dependency and doc gaps: The skill should document its Python package requirements and any rate-limit/API-key expectations for Entrez/eutils. Consider adding a requirements.txt or Dockerfile and clarifying the expected runtime paths.
- Hardcoded path: run-research.sh calls a check-sourcing script via an absolute path (/root/.openclaw/...), which is unusual and may fail or indicate assumptions about the host environment. Inspect it and, if needed, adjust the path to refer to the skill-relative script (scripts/check-sourcing.sh) before running.
- Legal/compliance: The skill attempts to download PDFs and may attempt paywalled content; ensure you have the rights to fetch and store copyrighted material and that you comply with the terms of use of third-party services.
- Practical steps before running:
  1) Review the scripts locally and run them in an isolated sandbox/VM.
  2) Install dependencies from trusted package sources (pip install requests pdfplumber, or pdftotext); prefer pinning versions.
  3) Replace the absolute /root/.openclaw path with the relative skill path if necessary.
  4) Limit network access if you want to prevent the skill from reaching internal endpoints.
  5) If you expect heavy Entrez usage, add an NCBI API key and rate-limit handling.

Overall: the skill appears coherent with its research purpose but has implementation omissions and a few brittle assumptions that warrant manual review and sandboxed testing prior to use.


Tags: adaptive, latest, research, universal, v6
