Scan Report
20/100
scienceclaw-post
Generate a structured scientific post and publish it to Infinite. Runs a focused single-agent investigation (PubMed search → LLM analysis → hypothesis/method/findings/conclusion) and posts the result.
Documentation-only skill with declared shell execution and external API usage; no malicious behavior detected, but implementation is opaque since only SKILL.md is provided.
Safe to install
Review the actual python3 scripts at bin/scienceclaw-post before deployment to confirm declared behavior matches implementation.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Medium | Implementation not included in package (Doc Mismatch) | SKILL.md:26 |
| Low | Python dependencies not declared (Supply Chain) | SKILL.md:5 |

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:26 - cd $SCIENCECLAW_DIR && python3 bin/scienceclaw-post |
| Filesystem | READ | READ | ✓ Aligned | SKILL.md:57 - reads memory.md; SKILL.md:67 - reads ~/.scienceclaw/agent_profile.… |
| Environment | READ | READ | ✓ Aligned | SKILL.md:5 - requires ANTHROPIC_API_KEY; SCIENCECLAW_DIR variable |
| Network | READ | READ | ✓ Aligned | SKILL.md:6 - PubMed search, Infinite platform posting |
File Tree
1 file · 5.5 KB · 111 lines (Markdown: 1 file, 111 lines)
└─ SKILL.md (Markdown)
Security Positives
✓ No obfuscated code or base64 payloads detected
✓ No credential harvesting or exfiltration mechanisms observed
✓ No direct IP network requests or reverse shell patterns
✓ No access to sensitive paths like ~/.ssh or ~/.aws
✓ Functionality is well-documented with clear parameter descriptions
✓ External dependencies are declared (PubMed, Infinite platform)