brightdata-research
v1.0.0Use when the user asks to batch-search candidates, verify public web evidence, dedupe results, and organize them into Feishu/Lark docs. Use especially for re...
⭐ 0· 47·0 current·0 all-time
by@16miku
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The skill name/description describe batch web search, scraping, dedupe, risk-scoring, and writing to Feishu/Lark; the SKILL.md and reference docs consistently require BrightData for search/scrape and lark-cli for Feishu writes. No unrelated services or secrets are requested. Note: the manifest lists no declared required env vars, yet the runtime instructions require the user to provide BrightData API keys and Feishu auth (this is expected for an instruction-only skill but is a documentation gap in metadata rather than a mismatch of purpose).
Instruction Scope
The instructions legitimately instruct the agent to check environment state, call MCP tools or CLI, read Feishu docs, and optionally run subagents. These actions are within the skill's stated remit (preflight checks, reading/writing target Feishu docs, git/worktree checks). Important: the skill tells the agent to run system commands (npm installs, git init/commit, lark-cli calls, brightdata CLI calls) and to read remote/local document contents — all of which are powerful actions but consistent with the purpose.
Install Mechanism
There is no install spec in the manifest (instruction-only), but the docs explicitly instruct installing packages via npm (e.g., @brightdata/cli, @larksuite/cli) and adding skills via npx. These are standard package sources (npm, GitHub). No untrusted direct-download URLs or obfuscated installers are present; automatic global installs and npx commands require elevated privileges and network access, so the user should expect those side effects.
Credentials
The skill requires sensitive credentials at runtime (BrightData API token / MCP config and Feishu/Lark authentication) and requires Node/npm and possibly git. Those credentials are proportionate to the skill's functionality. However, the manifest does not explicitly declare required env vars or a primary credential — the references and SKILL.md do instruct how to provide them (including BRIGHTDATA_API_KEY examples). This is a documentation gap: the skill will need those secrets to operate but they are not enumerated in the registry metadata.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It does instruct commands that modify the system (npm global installs, git init/commit, adding MCP entries) and will read/write user Feishu documents when authorized. Those are expected for the workflow but have real side effects and require user consent/credentials.
Assessment
This skill appears to do what it claims: it uses BrightData for parallel search/scraping, dedupes and risk-scores results, and can append structured Markdown to Feishu/Lark docs via lark-cli. Before installing or running it, consider: (1) It will ask you to provide BrightData API tokens and to authorize lark-cli (Feishu) — only provide credentials you trust and prefer least-privilege tokens. (2) The skill's instructions include running system commands (npm install -g, npx skills add, git init/commit, claude mcp add) which will modify the environment; review/approve these commands before allowing execution. (3) If you need to avoid global installs or git changes, run the skill in an isolated environment or a disposable container/session. (4) Because the manifest is instruction-only, the skill does not itself store credentials in code, but the agent executing these instructions will need your tokens to read/write Feishu documents — confirm how your agent handles secrets. (5) If you are concerned, test on a non-sensitive Feishu doc or use read-only trials first. Overall the skill is internally coherent with its purpose, but exercise normal caution around credentials and system-level installs.Like a lobster shell, security has layers — review code before you run it.
2026.4.13vk97er29f5cy20bs5s6t196k54h84pdqplatestvk97er29f5cy20bs5s6t196k54h84pdqp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.