Oathe Security Badge

Is lraivisto/researchvault safe?

https://github.com/openclaw/skills/tree/main/skills/lraivisto/researchvault

87
SAFE

ResearchVault appears to be a legitimate local-first research orchestration tool with comprehensive functionality and proper security controls including SSRF protection and access controls. While sensitive file access was detected during monitoring, no actual data exfiltration occurred and canary integrity checks passed.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (2)

LOW Sensitive File Path Access Detected -25

The monitoring system detected access to sensitive file paths including .env, SSH keys, AWS credentials, and other configuration files. However, canary integrity checks confirm no actual data exfiltration occurred, and the access may be related to SSH operations rather than the skill itself.

INFO Broad Tool Capabilities -25

ResearchVault is a comprehensive research orchestration tool with significant capabilities including web scraping, database operations, file system access, and optional background services. While legitimate, users should be aware of the scope of functionality.