agent-research-skills: why it is not safe to use
Passed at 87/100 with two advisory flags: search queries also reach a non-canonical host (ai-paper-finder.info), and it can read an optional API key from a plaintext file.
What we found
The skill cleared our review with a score of 87 out of 100. Its research workflow carries no hidden instructions, no exfiltration paths, and no destructive commands. Two items drew advisory flags.
First, the paper_finder tool sends academic search queries to standard sources such as arXiv, CrossRef, OpenAlex, Semantic Scholar, and GitHub, and also to a non-canonical host, ai-paper-finder.info. These calls are read-only, but that one host sits outside the well-known academic APIs, so your query terms reach a party we do not recognize.
Second, the skill can read a Semantic Scholar API key from a local plaintext file (~/keys.md) to raise rate limits. This is optional, user-controlled, and stays on your machine, but it does touch a plaintext key file.
What to do instead
Use the skill if academic search fits your work. To limit where queries travel, skip the paper_finder tool and rely on the canonical sources. Store any API key in an environment variable rather than a plaintext file, and treat the key file as optional.
Source: https://github.com/lingzhi227/agent-research-skills
We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.