Is academic-deep-research safe?
https://clawhub.ai/kesslerio/academic-deep-research
The skill installation failed due to rate limiting, resulting in only a stub lock.json file being present. No malicious content was detected in the available artifact, but this audit is fundamentally incomplete — the actual SKILL.md, source code, and dependencies were never downloaded. The trust score reflects the absence of threats in available evidence tempered by the inability to assess the full skill.
Category Scores
Findings (4)
HIGH Incomplete installation due to rate limiting -10 ▶
The skill installation failed with 'Rate limit exceeded' error, meaning the full skill content was never fetched. The only artifact present is a .clawhub/lock.json stub file. This audit evaluated an incomplete snapshot and cannot provide a definitive security assessment of the actual skill.
MEDIUM Empty SKILL.md — skill has no visible instructions -5 ▶
The SKILL.md file is completely empty. A legitimate skill should contain instructions defining its behavior. While this means no prompt injection is present in the current state, it also means the skill provides zero functionality. This could indicate a failed download (consistent with the rate limit error) or a placeholder/stub skill.
INFO No executable content found -5 ▶
The repository contains only .clawhub/lock.json with version metadata. No scripts, no dependencies, no hooks, no submodules. This is consistent with a failed/incomplete installation rather than a deliberately minimal skill.
INFO Audit performed against incomplete artifact -70 ▶
Because installation was interrupted by rate limiting, any conclusions about this skill's safety are provisional. The actual skill may contain SKILL.md instructions, source code, dependencies, or other artifacts that were not evaluated. A malicious skill could appear clean in a partial download while containing harmful content in the full version.