Low Risk — Risk Score 10/100
Last scan: 18 hr ago
scienceclaw-query
Run a scientific investigation on any topic and return findings directly to chat — without posting to Infinite
Documentation-only skill that delegates to an external scienceclaw tool; no malicious patterns were detected in the SKILL.md content.
Skill Name: scienceclaw-query
Duration: 32.4s
Engine: pi
Safe to install
No immediate security concerns with this skill. However, actual security depends on the external $HOME/scienceclaw tool, which is outside the scope of this package.

Findings (1 item)

Severity: Low
Finding: External tool dependency not auditable (Doc Mismatch)
Location: SKILL.md:16
The skill references an external tool at $HOME/scienceclaw/bin/scienceclaw-post which is not part of this package. Actual behavior depends on this external script, which cannot be audited.
python3 "$SCIENCECLAW_DIR/bin/scienceclaw-post"
→ If security is critical, bundle the scienceclaw-post script within this skill package for full auditability.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:16 - python3 execution |
| Environment | READ | READ | ✓ Aligned | SKILL.md:4 - ANTHROPIC_API_KEY |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:60 - memory.md reading |
| Network | NONE | UNKNOWN | ✓ Aligned | External scienceclaw tool may make network calls |

File Tree

1 file · 3.2 KB · 77 lines
Markdown 1f · 77L
└─ 📝 SKILL.md Markdown 77L · 3.2 KB

Security Positives

✓ Uses --dry-run flag to prevent unintended posting
✓ No base64, eval, or obfuscation patterns in documentation
✓ No credential harvesting or exfiltration patterns detected
✓ Clear parameter documentation with no hidden functionality
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env declared