ClawHub
Back to skill
v1.0.0

auto-researcher

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:22 AM.

Analysis

The skill mostly matches its research-assistant purpose, but its shell scripts unsafely insert the requested research topic into Python code, which could let a crafted topic run local code.

GuidanceReview carefully before installing or running. The research behavior is broadly purpose-aligned, but the shell scripts should be fixed before use with arbitrary topics. Do not use sensitive research terms unless you are comfortable sending them to the listed external services.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityHighConfidenceHighStatusConcern
scripts/auto-research.sh
TOPIC="$1" ... python3 << PYTHON_SCRIPT ... topic = "$TOPIC"

The user-provided research topic is expanded directly into Python source inside an unquoted here-document. A topic containing quotes or newlines could alter the Python program that is executed.

User impactIf the agent runs this script on a maliciously crafted topic, the topic could cause local Python code to execute with the user's permissions.
RecommendationDo not embed raw shell variables into Python source. Pass the topic as argv or an environment variable, quote the heredoc delimiter such as <<'PYTHON_SCRIPT', and read the value safely inside Python.
Unexpected Code Execution
SeverityHighConfidenceHighStatusConcern
scripts/auto-research-v2.sh
TOPIC="$1" ... python3 << PYTHON_SCRIPT ... topic = "$TOPIC"

The enhanced shell script repeats the same unsafe pattern: user-controlled topic text is injected into inline Python code before execution.

User impactThe enhanced script can be vulnerable to the same crafted-topic local code execution issue.
RecommendationRefactor the shell/Python boundary to pass arguments safely, and quote heredoc delimiters so shell expansion cannot rewrite the Python program.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
scripts/auto-research.sh
if command -v xreach ... curl -s ... if command -v gh ... python3 << PYTHON_SCRIPT

The script depends on external local tools, while the registry declares no required binaries and provides no install spec. This is purpose-aligned, but the setup requirements are not fully declared.

User impactThe skill may behave differently depending on what local CLIs are installed and configured.
RecommendationDeclare required and optional dependencies, document expected local CLI configuration, and explain which commands are actually installed or invoked.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
scripts/auto-researcher.py
'jina_api': 'https://r.jina.ai/' ... url = f"{CONFIG['jina_api']}https://duckduckgo.com/html/?q={encoded}"

Some searches are routed through the third-party r.jina.ai gateway. This is aligned with the research purpose, but it means the user's research terms are shared with that provider.

User impactSensitive or confidential research topics could be disclosed to external web services.
RecommendationAvoid using confidential topics with this skill unless the external services are acceptable, and document the third-party data flow clearly.