by OpenLAIR
A Super AI Lab with massive AI Doctors as Assistants. Best IDE for Research via AI Power.
# Add to your Claude Code skills
git clone https://github.com/OpenLAIR/dr-clawLast scanned: 7/17/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@babel/core: @babel/core: Arbitrary File Read via sourceMappingURL Comment",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@chevrotain/cst-dts-gen: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@chevrotain/gast: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@tootallnate/once: @tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: Uncontrolled recursion in XML serialization leads to DoS",
"severity": "high"
},
{
"type": "npm-audit",
"message": "basic-ftp: basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands",
"severity": "high"
},
{
"type": "npm-audit",
"message": "body-parser: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "cacache: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "chevrotain: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "chevrotain-allstar: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "defu: defu: Prototype pollution via `__proto__` key in defaults argument",
"severity": "high"
},
{
"type": "npm-audit",
"message": "dompurify: DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "electron: Electron: AppleScript injection in app.moveToApplicationsFolder on macOS",
"severity": "high"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild allows arbitrary file read when running the development server on Windows",
"severity": "low"
},
{
"type": "npm-audit",
"message": "express: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "express-rate-limit: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
"severity": "high"
},
{
"type": "npm-audit",
"message": "form-data: form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"severity": "high"
},
{
"type": "npm-audit",
"message": "handlebars: Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "hono: Hono has CSS Declaration Injection via Style Object Values in JSX SSR",
"severity": "high"
},
{
"type": "npm-audit",
"message": "http-proxy-agent: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "js-yaml: JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "langium: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "lodash: lodash vulnerable to Code Injection via `_.template` imports key names",
"severity": "high"
},
{
"type": "npm-audit",
"message": "lodash-es: lodash vulnerable to Code Injection via `_.template` imports key names",
"severity": "high"
},
{
"type": "npm-audit",
"message": "make-fetch-happen: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "mermaid: Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "multer: Multer vulnerable to Denial of Service via deeply nested field names",
"severity": "high"
},
{
"type": "npm-audit",
"message": "node-gyp: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "prismjs: PrismJS DOM Clobbering vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "qs: qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "react-router: React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "react-router-dom: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "react-syntax-highlighter: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "refractor: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "release-it: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "shell-quote: shell-quote quote() does not escape newlines in object .op values",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "sqlite3: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tmp: tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape",
"severity": "high"
},
{
"type": "npm-audit",
"message": "undici: Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "high"
}
],
"status": "FAILED",
"scannedAt": "2026-07-17T06:14:20.077Z",
"npmAuditRan": true,
"pipAuditRan": true,
"promptInjectionRan": true
}dr-claw is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by OpenLAIR. A Super AI Lab with massive AI Doctors as Assistants. Best IDE for Research via AI Power. It has 1,032 GitHub stars.
dr-claw failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/OpenLAIR/dr-claw" and add it to your Claude Code skills directory (see the Installation section above).
dr-claw is primarily written in JavaScript. It is open-source under OpenLAIR on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh dr-claw against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
[!NOTE] Excited about Anthropic's Claude Science (launched June 30, 2026)? Dr. Claw has been shipping the same vision since February 2026 — and it's fully open source, model-agnostic (Claude Code, Gemini CLI, Codex, plus hundreds of models via OpenRouter), and runs on your own machine with your own data and GPUs. It also covers the full research lifecycle — survey → ideation → experiments → paper writing → slides & promotion — not just computational analysis. Free to use; no subscription required.
Dr. Claw is a general-purpose AI research assistant designed to help researchers and builders execute end-to-end projects across different domains. From shaping an initial idea to running experiments and preparing publication-ready outputs, Dr. Claw keeps the full workflow in one place so teams can focus on research quality and iteration speed.
Manual work is too slow. Fully automated AI is too generic. Vibe Researching is the new frontier. Dr. Claw turns your Research Taste into outsized outcomes with Agentic Execution--so you can move faster, think bigger, and still hold the line on scientific rigor.
2026-04-08 — One click to launch fully autonomous research! Pick a tool pack (ARIS, Autoresearch, DeepScientist), hit configure, choose a workflow in Chat — and watch the agent run your entire research pipeline from idea to paper while you sleep.2026-04-06 — Dr. Claw now runs as a native desktop app! Grab the .dmg / .exe from GitHub Releases, or run npx dr-claw for zero-setup instant start.2026-04-06 — Research Lab and Files now live side-by-side as switchable tabs in the right sidebar — everything you need, one glance away.2026-04-06 — Preview any project file inline with a sleek pill toggle and sidebar browser — no more context-switching!2026-04-06 — Love the terminal? Run dr-claw chat for a fully agentic session with any OpenRouter model — zero browser required.2026-03-30 — Fine-tune your AI's thinking! Codex reasoning effort and Gemini thinking strength selectors are now right in Chat.2026-03-30 — Dr. Claw automatically detects your local GPU resources — ready to put that hardware to work.2026-03-28 — Unlock hundreds of models (GPT-5, Claude, Gemini, DeepSeek, Llama, Kimi, and more) with a single API key. The world's models at your fingertips!2026-03-26 — Crashed mid-session? No sweat — hit the retry button and pick up right where you left off.2026-03-26 — Port already taken? Dr. Claw finds a free one automatically. One less thing to worry about.2026-03-26 — Tasks auto-load into Chat with a handy badge dropdown — just click and go!2026-03-26 — Sessions are now auto-tagged by research stage — instantly see where each conversation stands.2026-03-24 — New skill for crafting review rebuttals — turn reviewer feedback into publication-ready responses.2026-03-21 — Run multiple sessions in parallel with smart naming — juggle projects like a pro!2026-03-21 — Accidentally deleted a project? Relax — it's in the trash, ready to be restored.2026-03-21 — Full CLI control plus an OpenClaw integration for mobile-friendly, voice-ready research management.2026-03-20 — Manage your papers with a streamlined picker and local Zotero support — your literature, organized.2026-03-20 — Stage, commit, diff, and switch branches without ever leaving the app. Version control, built in.2026-03-14 — Stay on top of research-relevant updates right inside your workspace — never miss a trending paper!inno-pipeline-planner skill to interactively generate a structured research brief and task list — no manual templates needed| Artifact | Location | Description | |
|---|---|---|---|
| 📚 | Survey reports | Survey/reports/ |
Literature reviews with citations from arXiv, Semantic Scholar, and web sources |
| 💡 | Research ideas | Ideation/ideas/ |
Brainstorming outputs with multi-persona evaluation scores |
| 🔬 | Experiment code | Experiment/core_code/ |
Implementation from the plan → implement → judge loop |
| 📊 | Analysis results | Experiment/analysis/ |
Statistical analysis, tables, and paper-ready figures |
| 📝 | Paper draft | Publication/paper/ |
Academic manuscript (IEEE/ACM format) with citations and LaTeX math |
| 🎞️ | Presentation | `Promotion/slides/ |