Deep Research (Gemini)

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill appears aligned with its Gemini research purpose, but it can use your Gemini API key and upload explicitly selected local files to Google for RAG-based analysis.

This skill looks purpose-aligned for Gemini deep research. Before installing, be comfortable with using a Gemini API key, possible API costs, and sending explicitly selected context files to Google. Prefer a dedicated API key, run --dry-run before uploads, set --max-cost for autonomous use, choose narrow --context paths, and clean up stores when finished.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent with file access could start research or upload chosen context paths without an additional confirmation dialog.

Why it was flagged

The skill explicitly supports non-interactive agent execution, which is useful for automation but means file uploads or paid API calls can proceed without a human prompt once an agent chooses the command.

Skill content

When stdin is not a TTY (agent/CI use), confirmation prompts are automatically skipped... an autonomous agent with file system access could trigger uploads.

Recommendation

Use narrow context paths, prefer --dry-run before uploads, set --max-cost for paid runs, and restrict agent filesystem access where possible.

What this means

The skill can consume quota and generate charges on the Google account tied to the API key.

Why it was flagged

The skill needs delegated Google/Gemini account access to perform its core function; the artifacts state this is read from environment variables and used for the Google API.

Skill content

This skill requires a Google/Gemini API key... The key is read from environment variables and passed to the google-genai SDK.

Recommendation

Use a dedicated API key for this skill, monitor usage, and revoke or rotate the key if it is no longer needed.

What this means

Selected project files or documents may leave your machine and be used as retrieval context for Gemini responses.

Why it was flagged

RAG grounding sends selected local files to a remote file search store, and those files can influence research output; the docs also disclose filtering, dry-run preview, and auto-deletion behavior.

Skill content

The --context flag uploads local files to Google's ephemeral file search stores for RAG grounding... Only files you explicitly point --context at are uploaded

Recommendation

Run --dry-run to preview uploads, avoid pointing --context at broad or sensitive directories, use extension filters, and delete or avoid keeping stores unless needed.