Claude Scientific Writer: why it is not safe to use
Claude Scientific Writer passed our scan at 72/100 but sends your research data to three external APIs and requests broad Bash access.
What we found
K-Dense-AI's Claude Scientific Writer drafts papers by pulling literature-search results and your uploaded files (PDF, DOCX, CSV) into the writing prompt. Our scan gave it 72/100 with a warn verdict. Nothing hidden turned up, but a few behaviors are worth knowing before you install it.
During normal use it sends your figures and research data to three external APIs: Anthropic for the model, Parallel for literature and web search, and OpenRouter for image generation. Those third-party research services see your queries and data. The plugin also declares broad permissions, including Bash alongside Read, Write, and Edit, and ships helper scripts (bump_version.py, publish.py), so it can run shell commands and write files. Because it ingests outside sources, a poisoned paper or document could steer what it writes.
On the clean side: it reads its own API keys from a local .env, does not log or forward them, does not touch system credentials or SSH keys, uses no privilege escalation, and carries no obfuscated payloads. It is a plain MIT-licensed Python package.
What to do instead
If you use it, avoid feeding it unpublished or confidential data, review the sources it cites, and run it in a sandboxed project directory so its Bash and file access stays contained.
Source: https://github.com/K-Dense-AI/claude-scientific-writer
We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.