Deep Research (Gemini)
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: agent-deep-research Version: 2.1.3 This skill is classified as benign due to robust, explicit security measures implemented by the developers. Key indicators include comprehensive sensitive file filtering in `scripts/research.py` and `scripts/upload.py` to prevent accidental credential exposure, a critical SSRF prevention mechanism in `scripts/research.py`'s PDF export function, and hardened prompt injection defenses for follow-up queries. The `CHANGELOG.md` and `CLAUDE.md` documents further demonstrate a proactive security posture, detailing past vulnerability fixes and internal security rules, indicating a strong commitment to secure development practices. There is no evidence of intentional harmful behavior or unauthorized data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent with file access could start research or upload chosen context paths without an additional confirmation dialog.
The skill explicitly supports non-interactive agent execution, which is useful for automation but means file uploads or paid API calls can proceed without a human prompt once an agent chooses the command.
When stdin is not a TTY (agent/CI use), confirmation prompts are automatically skipped... an autonomous agent with file system access could trigger uploads.
Use narrow context paths, prefer --dry-run before uploads, set --max-cost for paid runs, and restrict agent filesystem access where possible.
The skill can consume quota and generate charges on the Google account tied to the API key.
The skill needs delegated Google/Gemini account access to perform its core function; the artifacts state this is read from environment variables and used for the Google API.
This skill requires a Google/Gemini API key... The key is read from environment variables and passed to the google-genai SDK.
Use a dedicated API key for this skill, monitor usage, and revoke or rotate the key if it is no longer needed.
Selected project files or documents may leave your machine and be used as retrieval context for Gemini responses.
RAG grounding sends selected local files to a remote file search store, and those files can influence research output; the docs also disclose filtering, dry-run preview, and auto-deletion behavior.
The --context flag uploads local files to Google's ephemeral file search stores for RAG grounding... Only files you explicitly point --context at are uploaded
Run --dry-run to preview uploads, avoid pointing --context at broad or sensitive directories, use extension filters, and delete or avoid keeping stores unless needed.