paper-research-agent 安全扫描报告 — 可信 | ClawSafe

5 /100

paper-research-agent

Autonomous multi-agent paper research system with parallel sub-agent analysis, 6-section structured reports, and arXiv integration

Legitimate academic paper research tool with clear documentation, proper declared capabilities, and no malicious indicators.

技能名称paper-research-agent

分析耗时40.7s

引擎pi

✓

可以安装

This skill is safe to use. No security concerns identified.

安全发现 1 项

严重性	安全发现	位置
低危	Auto-install with unpinned dependencies 供应链 The ensure_deps() function auto-installs dependencies without version pinning (deps = ['arxiv', 'requests', 'pdfplumber']). While this is common practice, version pinning would improve reproducibility. `subprocess.run([sys.executable, '-m', 'pip', 'install', dep, '-q'])` → Consider pinning versions: 'arxiv>=1.4.0', 'requests>=2.28.0', 'pdfplumber>=0.10.0'	`scripts/research_pipeline.py:20`

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md lines 152-155: file writes for output directories
网络访问	`READ`	`READ`	✓ 一致	SKILL.md lines 30-32: arXiv API integration; research_pipeline.py line 178: requ…
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md lines 145-150: subprocess.run with python3 for pipeline execution
环境变量	`NONE`	`NONE`	—	No os.environ access detected in code
技能调用	`READ`	`READ`	✓ 一致	SKILL.md lines 165-176: sessions_spawn for sub-agents
剪贴板	`NONE`	`NONE`	—	No clipboard access in code
浏览器	`NONE`	`NONE`	—	No browser automation in code
数据库	`NONE`	`NONE`	—	No database access in code

5 文件 · 44.3 KB · 1468 行

Markdown 3f · 1033L Python 1f · 427L JSON 1f · 8L

├─ ▾ 📁 references

│ └─ 📝 analysis_standards.md Markdown 480L · 13.0 KB

├─ ▾ 📁 scripts

│ └─ 🐍 research_pipeline.py Python 427L · 14.5 KB

├─ 📋 _meta.json JSON 8L · 453 B

├─ 📝 README.md Markdown 238L · 7.3 KB

└─ 📝 SKILL.md Markdown 315L · 9.0 KB

包名	版本	来源	已知漏洞	备注
`arxiv`	`*`	pip	否	Version not pinned - auto-installed
`requests`	`*`	pip	否	Version not pinned - auto-installed
`pdfplumber`	`*`	pip	否	Version not pinned - auto-installed

✓ Documentation accurately reflects all implemented functionality

✓ All subprocess calls explicitly declared in SKILL.md

✓ Network requests limited to legitimate arXiv.org domain only

✓ No credential harvesting or sensitive file access

✓ No data exfiltration mechanisms present

✓ No obfuscation techniques detected

✓ No remote script execution from external sources

✓ Clean code structure with no hidden functionality

✓ MIT license provided, author clearly identified