We checked this and rejected itprivacy

agent-research-skills: why it is not safe to use

Passed at 87/100 with two advisory flags: search queries also reach a non-canonical host (ai-paper-finder.info), and it can read an optional API key from a plaintext file.

What we found

The skill cleared our review with a score of 87 out of 100. Its research workflow carries no hidden instructions, no exfiltration paths, and no destructive commands. Two items drew advisory flags.

First, the paper_finder tool sends academic search queries to standard sources such as arXiv, CrossRef, OpenAlex, Semantic Scholar, and GitHub, and also to a non-canonical host, ai-paper-finder.info. These calls are read-only, but that one host sits outside the well-known academic APIs, so your query terms reach a party we do not recognize.

Second, the skill can read a Semantic Scholar API key from a local plaintext file (~/keys.md) to raise rate limits. This is optional, user-controlled, and stays on your machine, but it does touch a plaintext key file.

What to do instead

Use the skill if academic search fits your work. To limit where queries travel, skip the paper_finder tool and rely on the canonical sources. Store any API key in an environment variable rather than a plaintext file, and treat the key file as optional.

Want the same outcome, safely? Use our checked skill instead.

Source: https://github.com/lingzhi227/agent-research-skills

We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.

Copied to clipboard. Paste it into your AI (ChatGPT, Claude, or your agent) to add the skill.