DeepThink
Warn
Audited by ClawScan on May 10, 2026.
Overview
DeepThink is broadly aligned with a personal knowledge-base assistant, but it asks for sensitive account access, persistent profiling, live transcript monitoring, and proactive cross-channel actions that need careful review.
Only install this if you trust DeepThink with highly personal knowledge, todos, and possibly live transcript content. Before using it, confirm what API key scope is required, disable live transcript or Telegram-style outreach unless you explicitly want it, require confirmation before all record/todo changes, and regularly review or delete stored memory entries.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant could add or change personal knowledge-base entries or todo status based on inferred context, not only direct user commands.
The skill instructs the agent to use raw API mutations for personal records and todos. Some later text says significant actions should ask permission, but the main write-back workflow does not clearly require explicit confirmation for every new record or update.
When you learn something new:
- Create a record via `POST /api/records` ... When they confirm completion, mark it done via `PATCH /api/todos/{id}`.
Require explicit user confirmation before every create, update, or completion action, and use narrow API permissions where possible.
Installing or using the skill may give the agent broad access to the user's DeepThink account data without a clearly declared or scoped credential contract.
The SKILL.md requires an account API key, while the provided registry requirements declare no primary credential or environment variable. The same instructions use that access for records, todos, subjects, and transcripts.
All API requests require the user's API key as a Bearer token: Authorization: Bearer dt_live_xxx
Declare the credential requirement, document its scopes, prefer read-only or limited tokens when possible, and rotate/revoke the key if the skill is no longer trusted.
Incorrect, sensitive, or manipulated records could influence future answers and decisions about the user across sessions.
The skill tells the agent to treat a persistent external knowledge base as authoritative and to update persistent memory with new user insights, creating a broad long-term profile that can be wrong, poisoned, or over-trusted.
DeepThink is the single source of truth about them — not just something you read, but something you actively maintain. ... Update your memory with significant new insights about the user.
Keep memory updates opt-in, review stored records regularly, avoid treating stored records as system-level truth, and allow easy deletion or correction.
Sensitive information from ambient conversations or transcripts could be sent through a messaging channel unexpectedly.
The skill routes responses from live transcript monitoring to an external messaging channel with unclear identity, consent, and data-boundary controls.
When responding to transcript content, send via the user's configured messaging channel (e.g., Telegram), NOT the current session. The user may not be at their computer — the whole point is ambient assistance.
Disable transcript-to-message behavior unless explicitly enabled, define the allowed channel, and require confirmation before sending messages based on transcript content.
The assistant may continue monitoring, reminding, and reaching out outside the immediate session or task.
The instructions describe recurring syncs, heartbeat-based transcript checks, and proactive outreach, which are ongoing autonomous behaviors rather than one-off user-directed actions.
Check DeepThink every 1-2 days ... At each heartbeat, check for active transcripts ... Be proactive — if you can add value, reach out.
Use only user-configured schedules, provide a clear stop/disable mechanism, and avoid heartbeat monitoring unless the user has explicitly opted in.
The assistant's wording may be tailored to persuade or pressure the user, not just inform them.
The skill explicitly stores and applies persuasion preferences. This may be intended for coaching/accountability, but users should understand that responses may be optimized to influence them.
How to Convince Me ... Approaches that actually get through to this user — what persuasion styles work, what falls flat, how they like arguments structured.
Keep persuasion-profile records transparent and editable, and avoid using them for sensitive choices unless the user explicitly wants that.
The user has limited information for verifying who operates the DeepThink service or whether the instructions match a trusted provider.
There is no executable package to review, which limits code-execution risk, but the provider provenance is not established in the supplied metadata.
Source: unknown
Homepage: none
No install spec — this is an instruction-only skill.
Verify the service and publisher independently before providing an API key or sensitive personal data.
