Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Local Researcher

v1.0.0

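A fully local deep-research assistant Skill. It uses a local LLM served by Ollama or LMStudio to perform iterative web research and generate Markdown reports with cited sources. Triggered when the user needs privacy-first research, local document analysis, or a structured research report.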

by antonia huang (@antonia-sz)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill claims to be a fully local research assistant, but the package metadata lists no required binaries or env vars while the SKILL.md and quickstart script explicitly assume Ollama or LMStudio installed and configured. Requiring a local LLM runtime and optional external search providers is coherent with the stated purpose, but the registry metadata omits those requirements, which is an inconsistency.
! Instruction Scope
SKILL.md instructs cloning a GitHub repo, installing dependencies, configuring .env, running local LLM endpoints, and performing web searches. It also recommends optional external search services (Tavily, Perplexity) that would contact third‑party servers. The 'all data stays local' privacy claim is therefore conditional and misleading unless the user explicitly avoids external search APIs.
Install Mechanism
There is no formal install spec in the registry (instruction-only). The README suggests installing Ollama via a curl | sh installer and pip install -e ., which will pull packages from the network. No embedded or obfuscated installers are present in the skill bundle itself, but the user will run network installs at setup time.
! Credentials
Registry metadata declares no required environment variables, yet SKILL.md expects many optional/required env settings (LLM_PROVIDER, OLLAMA_BASE_URL, LOCAL_LLM, LMSTUDIO_BASE_URL, SEARCH_API and API keys such as TAVILY_API_KEY/PERPLEXITY_API_KEY). This mismatch is problematic: secrets may be needed depending on chosen search provider, and the metadata does not surface that.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. The included quickstart script only inspects local repo state and calls the 'ollama' binary; it does not attempt to modify other skills or global agent configuration.
What to consider before installing
This skill appears to implement what it claims (local research with local LLMs) but the registry metadata understates its requirements. Before installing:

1) Verify the source repository (the SKILL.md points to https://github.com/langchain-ai/local-deep-researcher.git) and review its code and setup files;
2) Expect to install Ollama or LMStudio and to run models locally — verify you trust those installers (curl | sh);
3) Treat any .env or API key values as sensitive; do not supply third‑party search API keys (Tavily/Perplexity) if you require strict privacy — use DuckDuckGo or a self‑hosted SearXNG;
4) Run initial setup in an isolated environment (VM/container) and inspect network traffic if you want to confirm data remains local;
5) If you rely on the registry metadata to decide safety, ask the publisher/maintainer to correct the declared requirements before proceeding.


Tags: langchain, latest, lmstudio, local, ollama, privacy, research
