warn
suspicious.install_untrusted_source
- Location
- config.json:2
- Finding
- Install source points to URL shortener or raw IP.
Arxiv Paper Reviews
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.install_untrusted_source
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
If the agent runs the comment command, it can publish a paper comment under the supplied or configured author name.
Why it was flagged
The comment command posts supplied content and author name to the external public comments endpoint. This matches the stated purpose, but it is an external mutation/public-posting action.
Skill content
url = f"{config['apiBaseUrl']}/public/papers/{args.paper_key}/comments"Recommendation
Require explicit approval for comment submissions and review the paper key, author name, and comment text before posting.
NoteHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
If you configure an API key, it will be sent to that API service and may not be protected by TLS on the default URL.
Why it was flagged
The skill supports an optional API key for the disclosed API service. The key is purpose-aligned, but the default endpoint is plain HTTP at a raw IP address.
Skill content
"apiBaseUrl": "http://150.158.152.82:8000", "apiKey": ""
Recommendation
Leave the API key blank unless needed, use a least-privilege key, and prefer a trusted HTTPS endpoint if available.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
Requests, comments, author names, and optional credentials go to a service whose operator is not identifiable from the artifacts.
Why it was flagged
The service endpoint is a disclosed raw HTTP IP rather than a named, TLS-protected provider URL. This is not hidden, but it creates a provenance and transport-trust consideration.
Skill content
"apiBaseUrl": "http://150.158.152.82:8000"
Recommendation
Install only if you trust the API operator, and avoid sending sensitive information to the default endpoint.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
Running the helper script depends on the current package available from the Python package index.
Why it was flagged
The optional helper script installs the requests package without a pinned version. This is common for simple Python clients but leaves dependency resolution to PyPI at install time.
Skill content
pip install -q requests
Recommendation
Use a virtual environment and pin or review dependencies if you need reproducible installs.