Trust Assessment
academic-research-hub received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 18 findings: 4 critical, 1 high, 7 medium, and 6 low severity. Key findings include "Suspicious import: requests", "Potential data exfiltration: file read + network send", and "Unpinned Python dependency version".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (18)
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary File Write via Path Traversal The skill allows users to specify arbitrary file paths for output and download directories (`--output`, `--output-dir`). The script constructs file paths using `Path(output_dir)` or `Path(filepath)` directly from user input without sanitization for path traversal characters (e.g., `../`). An attacker could use this to write files to sensitive locations outside the intended directory, potentially overwriting system files, creating malicious executables, or exfiltrating data by writing to a publicly accessible directory. Sanitize user-provided file paths to prevent path traversal. Ensure that all output paths are strictly confined to a designated, non-sensitive directory (e.g., a sandbox or temporary directory). Use `os.path.abspath` and `os.path.commonprefix` or `pathlib.Path.resolve()` with a base directory check to validate paths before writing. | LLM | scripts/research.py:200 | |
| CRITICAL | Arbitrary File Write via Path Traversal The skill allows users to specify arbitrary file paths for output and download directories (`--output`, `--output-dir`). The script constructs file paths using `Path(output_dir)` or `Path(filepath)` directly from user input without sanitization for path traversal characters (e.g., `../`). An attacker could use this to write files to sensitive locations outside the intended directory, potentially overwriting system files, creating malicious executables, or exfiltrating data by writing to a publicly accessible directory. Sanitize user-provided file paths to prevent path traversal. Ensure that all output paths are strictly confined to a designated, non-sensitive directory (e.g., a sandbox or temporary directory). Use `os.path.abspath` and `os.path.commonprefix` or `pathlib.Path.resolve()` with a base directory check to validate paths before writing. | LLM | scripts/research.py:260 | |
| CRITICAL | Arbitrary File Write via Path Traversal The skill allows users to specify arbitrary file paths for output and download directories (`--output`, `--output-dir`). The script constructs file paths using `Path(output_dir)` or `Path(filepath)` directly from user input without sanitization for path traversal characters (e.g., `../`). An attacker could use this to write files to sensitive locations outside the intended directory, potentially overwriting system files, creating malicious executables, or exfiltrating data by writing to a publicly accessible directory. Sanitize user-provided file paths to prevent path traversal. Ensure that all output paths are strictly confined to a designated, non-sensitive directory (e.g., a sandbox or temporary directory). Use `os.path.abspath` and `os.path.commonprefix` or `pathlib.Path.resolve()` with a base directory check to validate paths before writing. | LLM | scripts/research.py:319 | |
| CRITICAL | Arbitrary File Write via Path Traversal The skill allows users to specify arbitrary file paths for output and download directories (`--output`, `--output-dir`). The script constructs file paths using `Path(output_dir)` or `Path(filepath)` directly from user input without sanitization for path traversal characters (e.g., `../`). An attacker could use this to write files to sensitive locations outside the intended directory, potentially overwriting system files, creating malicious executables, or exfiltrating data by writing to a publicly accessible directory. Sanitize user-provided file paths to prevent path traversal. Ensure that all output paths are strictly confined to a designated, non-sensitive directory (e.g., a sandbox or temporary directory). Use `os.path.abspath` and `os.path.commonprefix` or `pathlib.Path.resolve()` with a base directory check to validate paths before writing. | LLM | scripts/research.py:380 | |
| HIGH | Potential data exfiltration: file read + network send Function 'download_arxiv_papers' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/anisafifi/academic-research-hub/scripts/research.py:169 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/anisafifi/academic-research-hub/scripts/research.py:36 | |
| MEDIUM | Unpinned Python dependency version Requirement 'arxiv>=2.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/anisafifi/academic-research-hub/scripts/requirements.txt:4 | |
| MEDIUM | Unpinned Python dependency version Requirement 'semanticscholar>=0.8.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/anisafifi/academic-research-hub/scripts/requirements.txt:7 | |
| MEDIUM | Unpinned Python dependency version Requirement 'biopython>=1.81' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/anisafifi/academic-research-hub/scripts/requirements.txt:10 | |
| MEDIUM | Unpinned Python dependency version Requirement 'requests>=2.31.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/anisafifi/academic-research-hub/scripts/requirements.txt:13 | |
| MEDIUM | Unpinned Python dependency version Requirement 'beautifulsoup4>=4.12.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/anisafifi/academic-research-hub/scripts/requirements.txt:16 | |
| MEDIUM | Unpinned Python dependency version Requirement 'lxml>=4.9.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/anisafifi/academic-research-hub/scripts/requirements.txt:17 | |
| LOW | Partially Pinned Dependencies The `requirements.txt` file uses minimum version pinning (`>=`) for several dependencies instead of exact version pinning (`==`). While this allows for minor updates, it introduces a slight supply chain risk as a newer, potentially vulnerable version of a dependency could be installed without explicit review. Exact pinning ensures reproducibility and prevents unexpected changes from upstream packages. Consider using exact version pinning (e.g., `arxiv==2.0.0`) for all dependencies in `requirements.txt` to ensure build reproducibility and mitigate risks from unexpected updates. Regularly audit and update pinned versions. | LLM | scripts/requirements.txt:4 | |
| LOW | Partially Pinned Dependencies The `requirements.txt` file uses minimum version pinning (`>=`) for several dependencies instead of exact version pinning (`==`). While this allows for minor updates, it introduces a slight supply chain risk as a newer, potentially vulnerable version of a dependency could be installed without explicit review. Exact pinning ensures reproducibility and prevents unexpected changes from upstream packages. Consider using exact version pinning (e.g., `semanticscholar==0.8.0`) for all dependencies in `requirements.txt` to ensure build reproducibility and mitigate risks from unexpected updates. Regularly audit and update pinned versions. | LLM | scripts/requirements.txt:7 | |
| LOW | Partially Pinned Dependencies The `requirements.txt` file uses minimum version pinning (`>=`) for several dependencies instead of exact version pinning (`==`). While this allows for minor updates, it introduces a slight supply chain risk as a newer, potentially vulnerable version of a dependency could be installed without explicit review. Exact pinning ensures reproducibility and prevents unexpected changes from upstream packages. Consider using exact version pinning (e.g., `biopython==1.81`) for all dependencies in `requirements.txt` to ensure build reproducibility and mitigate risks from unexpected updates. Regularly audit and update pinned versions. | LLM | scripts/requirements.txt:10 | |
| LOW | Partially Pinned Dependencies The `requirements.txt` file uses minimum version pinning (`>=`) for several dependencies instead of exact version pinning (`==`). While this allows for minor updates, it introduces a slight supply chain risk as a newer, potentially vulnerable version of a dependency could be installed without explicit review. Exact pinning ensures reproducibility and prevents unexpected changes from upstream packages. Consider using exact version pinning (e.g., `requests==2.31.0`) for all dependencies in `requirements.txt` to ensure build reproducibility and mitigate risks from unexpected updates. Regularly audit and update pinned versions. | LLM | scripts/requirements.txt:13 | |
| LOW | Partially Pinned Dependencies The `requirements.txt` file uses minimum version pinning (`>=`) for several dependencies instead of exact version pinning (`==`). While this allows for minor updates, it introduces a slight supply chain risk as a newer, potentially vulnerable version of a dependency could be installed without explicit review. Exact pinning ensures reproducibility and prevents unexpected changes from upstream packages. Consider using exact version pinning (e.g., `beautifulsoup4==4.12.0`) for all dependencies in `requirements.txt` to ensure build reproducibility and mitigate risks from unexpected updates. Regularly audit and update pinned versions. | LLM | scripts/requirements.txt:16 | |
| LOW | Partially Pinned Dependencies The `requirements.txt` file uses minimum version pinning (`>=`) for several dependencies instead of exact version pinning (`==`). While this allows for minor updates, it introduces a slight supply chain risk as a newer, potentially vulnerable version of a dependency could be installed without explicit review. Exact pinning ensures reproducibility and prevents unexpected changes from upstream packages. Consider using exact version pinning (e.g., `lxml==4.9.0`) for all dependencies in `requirements.txt` to ensure build reproducibility and mitigate risks from unexpected updates. Regularly audit and update pinned versions. | LLM | scripts/requirements.txt:17 | |