Low Risk — Risk Score 15/100
Last scan: 21 hr ago
cross-disciplinary-bridge-finder
Identifies collaboration opportunities across fields, finds experts in complementary disciplines, translates methodologies between scientific domains, and builds interdisciplinary research teams.
Legitimate cross-disciplinary research tool with no malicious behavior; minor doc-code mismatch on declared permissions but no security impact.
Skill Name: cross-disciplinary-bridge-finder
Duration: 62.6s
Engine: pi
Safe to install
This skill is safe to use. Consider updating SKILL.md to accurately reflect that only standard Python libraries are used (no shell access or file I/O tools required).

Findings 2 items

Severity: Low
Finding: Permission declaration mismatch (Doc Mismatch)
SKILL.md declares 'Read Write Bash Edit' tools but the actual implementation uses none of these. The code only imports standard Python libraries (argparse, json, os, re, sys, dataclasses, pathlib, uuid, datetime, numpy, networkx, sklearn) with no external tool usage.
allowed-tools: "Read Write Bash Edit"
→ Update SKILL.md to accurately reflect used tools, or remove tool declarations if not applicable.
Location: SKILL.md:4

Severity: Low
Finding: Dependencies not version-pinned (Supply Chain)
scripts/requirements.txt uses >= versioning for all dependencies without upper bounds, which could allow incompatible or compromised versions to be installed.
networkx>=2.8
numpy>=1.21
...
→ Pin versions with both minimum and maximum bounds, e.g., 'networkx>=2.8,<3.0'
Location: scripts/requirements.txt:1

Resource     Declared  Inferred  Status     Evidence
Filesystem   WRITE     NONE      ✓ Aligned  SKILL.md:4 declares 'Write' but main.py only uses pathlib.Path for DATA_DIR crea…
Shell        WRITE     NONE      ✓ Aligned  SKILL.md:4 declares 'Bash' but main.py contains no subprocess, os.system, or any…
Network      NONE      NONE                 No network requests found in code
Environment  NONE      NONE                 No os.environ access or credential harvesting

File Tree

5 files · 44.3 KB · 1201 lines
Python 1f · 1078L Markdown 1f · 102L Text 2f · 11L JSON 1f · 10L
├─ 📁 scripts
│ ├─ 🐍 main.py Python 1078L · 40.0 KB
│ └─ 📄 requirements.txt Text 7L · 98 B
├─ 📄 requirements.txt Text 4L · 35 B
├─ 📝 SKILL.md Markdown 102L · 3.9 KB
└─ 📋 tile.json JSON 10L · 259 B

Dependencies 7 items

Package       Version  Source  Known Vulns  Notes
networkx      >=2.8    pip     No           Version not pinned with upper bound
numpy         >=1.21   pip     No           Version not pinned with upper bound
pandas        >=1.3    pip     No           Version not pinned with upper bound
scikit-learn  >=1.0    pip     No           Version not pinned with upper bound
matplotlib    >=3.5    pip     No           Version not pinned with upper bound
seaborn       >=0.11   pip     No           Version not pinned with upper bound
openai        >=1.0    pip     No           Imported but not actually used in code; version not pinned

Security Positives

✓ No shell execution (no subprocess, os.system, or command injection)
✓ No network requests or data exfiltration
✓ No credential harvesting or sensitive file access (~/.ssh, ~/.aws, .env)
✓ No obfuscation techniques (no base64, eval, or anti-analysis)
✓ No reverse shell or C2 communication patterns
✓ Legitimate academic research tool with clear, understandable logic
✓ Uses well-established libraries (networkx, numpy, scikit-learn) with no custom dangerous code