researchclaw-cn

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill asks the user to provide API keys (or an env var name) and explicitly generates and displays a config.yaml containing llm.api_key, which would cause the agent to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly performs "真实引文检索" and lets you choose public literature sources ("文献来源": arxiv, semantic_scholar 或 both) (see /researchclaw:config and the stage 3 "文献检索" description in SKILL.md), meaning the agent will ingest open/public third‑party content (papers) that can influence pipeline decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires installing and/or git-cloning the AutoResearchClaw package from https://github.com/aiming-lab/AutoResearchClaw (or via pip install researchclaw / pip index https://pypi.tuna.tsinghua.edu.cn/simple) during /researchclaw:setup, which would fetch and install remote code that the skill depends on and which can execute code and control runtime behavior/prompts.